Multiple iexplore.exe


23 replies to this topic

#1 onceafireman

  • Members
  • 15 posts
  • Gender:Male
  • Location:Oregon

Posted 01 May 2010 - 01:49 AM

My computer starts up with IE8 even though I have done nothing. It continues to do this until there are multiple iexplore.exe running. They can't be seen, just heard. What I have done so far: Updated antivirus and Ad-Aware and ran a full scan with both of them. Same problem. Added a-squared free and did the best I could in trying to decipher what needed to go. Nothing. Finally, uninstalled IE8 to see if the malware hitched a ride with the version. Not. At this point I have blocked access of iexplore.exe with Bitdefender Firewall so it is taken care of, but not. I have read so much on this little piece of malware that my mind is turning to mush. Below is the HijackThis log and I am hoping that there are some pretty smart people here that can find the problem in there. It is driving me nuts not being able to figure it out. Thank you for your time and expertise.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:12 PM, on 4/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\A-squared\a2service.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rewindamerica.org/HomePage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: ezLife browser enhancer rghblmny - {00E1DA10-54EF-4A74-B0ED-5CB0E6C45022} - C:\WINDOWS\system32\rghblmny.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: hotrevenue browser enhancer - {5C7541A3-5C52-0F93-9AB3-50841B5DF033} - C:\WINDOWS\system32\vhmtgdbwtnl.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [fydgoqckktcgs] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\vhmtgdbwtnl.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\udiyhmug.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O9 - Extra 'Tools' menuitem: FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\udiyhmug.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://192.168.0.196:85/DVROcxEx.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\A-squared\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files\Bitvise WinSSHD\WinSSHD.exe

Have a blessed day!

-Steve
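As an added example for this thread (not code from the original post, from HijackThis or from any tool named here), a small Python triage script that parses the O2 (Browser Helper Object) and O4 (Run key) lines of a HijackThis log and flags what a malware-removal helper checks first: randomly named DLLs dropped in system32, orphaned CLSIDs, and a Run key that silently re-registers a BHO through regsvr32 /s at every logon. The sample lines are copied from the log above; the vowel-ratio heuristic and the severity thresholds are my own assumptions.

```python
"""Triage helper for HijackThis (HJT) logs.

Parses the O2 (Browser Helper Object) and O4 (Run key) lines and flags the
patterns a malware-removal helper checks first. Added example for this thread,
not code from the original post or from HijackThis; the sample lines below are
copied from the log posted above, and the scoring thresholds are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the O2/O4 lines of interest from the poster's HJT log.
SAMPLE_LOG = r"""
O2 - BHO: ezLife browser enhancer rghblmny - {00E1DA10-54EF-4A74-B0ED-5CB0E6C45022} - C:\WINDOWS\system32\rghblmny.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: hotrevenue browser enhancer - {5C7541A3-5C52-0F93-9AB3-50841B5DF033} - C:\WINDOWS\system32\vhmtgdbwtnl.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [fydgoqckktcgs] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\vhmtgdbwtnl.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"""

# HJT line formats: "O2 - BHO: <name> - {<CLSID>} - <path>" and
# "O4 - HKLM\..\Run: [<value name>] <command line>".
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.IGNORECASE)

# Directories where a freshly dropped, randomly named DLL is most suspicious.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    line: str
    severity: str                 # "info" | "suspicious" | "high"
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Cheap proxy for a machine-generated name: real product names contain
    vowels, generated ones such as 'rghblmny' or 'vhmtgdbwtnl' rarely do.
    The 15% vowel threshold is an assumption, not a published heuristic."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.15


def _stem(path: str) -> str:
    """'C:\\dir\\file.dll' -> 'file'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> list:
    """Return one Finding per O2/O4 line that has at least one reason to look."""
    parsed = []       # (kind, regex groups, original line)
    bho_by_dll = {}   # lower-cased DLL path -> BHO display name
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            parsed.append(("bho", m.groupdict(), line))
            bho_by_dll[m["path"].lower()] = m["name"]
            continue
        m = RUN_RE.match(line)
        if m:
            parsed.append(("run", m.groupdict(), line))

    findings = []
    for kind, f, line in parsed:
        reasons = []
        if kind == "bho":
            path = f["path"]
            if path.lower() in ("(no file)", "(file missing)"):
                reasons.append("orphaned BHO registration: CLSID points at no file")
            elif path.lower().startswith(SYSTEM_DIRS) and looks_random(_stem(path)):
                reasons.append("randomly named DLL in a Windows system directory")
        else:
            cmd = f["cmd"]
            if "regsvr32" in cmd.lower() and " /s " in cmd.lower():
                reasons.append("Run key silently re-registers a COM DLL via regsvr32 /s at every logon")
            dll = DLL_RE.search(cmd)
            if dll and dll.group(0).lower() in bho_by_dll:
                reasons.append(f"loads the same DLL as BHO '{bho_by_dll[dll.group(0).lower()]}'")
            if looks_random(f["name"]):
                reasons.append("Run value name looks machine-generated")

        if not reasons:
            continue
        if any(r.startswith("orphaned") for r in reasons):
            severity = "info"          # leftover from an uninstall; tidy, not urgent
        elif len(reasons) >= 2:
            severity = "high"          # several independent indicators on one line
        else:
            severity = "suspicious"
        findings.append(Finding(line, severity, reasons))
    return findings


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"[{fnd.severity.upper():10}] {fnd.line}")
        for r in fnd.reasons:
            print(f"             - {r}")
```

Run against the full log, the Run entry that re-registers vhmtgdbwtnl.dll scores highest because three independent indicators meet on one line, which is exactly the BHO-plus-loader pair a helper would remove together.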


#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,085 posts
  • Gender:Female
  • Location:Romania

Posted 04 May 2010 - 11:56 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 onceafireman
  • Topic Starter

Posted 07 May 2010 - 02:37 AM

Okay Elise025,

I'm all set and ready to go. I appreciate that you have taken on the challenge. Besides good luck, I will say a small prayer.

-Onceafireman

#4 Elise

Posted 07 May 2010 - 03:51 AM

Okay, please post the requested logs. If you have trouble running GMER, try to run the scan with only the Sections option checked.

Take your time.

regards, Elise


#5 onceafireman
  • Topic Starter

Posted 07 May 2010 - 09:16 PM

Hi Elise,

I just wanted to let you know that I am not ignoring this multiple iexplore.exe situation. I am having difficulty getting through gmer, even in safe mode. I made it all the way through in safe mode, but when I went to save it, it disappeared. I will make another attempt tomorrow.

Thanks for your patience,

-Steve

#6 Elise

Posted 08 May 2010 - 03:32 AM

QUOTE
If you have trouble running GMER, try to run the scan with only the Sections option checked.

regards, Elise



#7 onceafireman
  • Topic Starter

Posted 09 May 2010 - 09:43 AM

Hi Elise,

I was finally able to complete the GMER log, however it should be noted that the Extra.txt from the OTL is 2 days old. I reran the program but kept getting the error message - No Windows Disk - Exception Processing Message c0000013 Parameters 75b6bf7c 75b6bf7c 75b6bf7c. My options were Cancel - Try Again - Continue - I pressed Continue 4 times before it resumed. At the end of it, there was no Extra.txt, only OTListIt.txt. Below is the OTL text, then Extra, then gmer.log.

Thank you very much!

-Steve

--------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 5/7/2010 1:41:10 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 4320 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.38 Gb Total Space | 153.84 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 7.48 Gb Total Space | 0.48 Gb Free Space | 6.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 55.90 Gb Total Space | 49.59 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive H: | 488.98 Mb Total Space | 437.30 Mb Free Space | 89.43% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Cendant Software, Inc.)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink -- File not found
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Disabled:Kaspersky AV Scanner -- File not found
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19F8C650-C951-421A-BD2D-AEDA9B450BDD}" = Flash Lite 2.1 Update for Flash Professional 8
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.2.824
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}" = Charter High Speed Internet Self-Installation Wizard
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A149E33D-74B9-4033-9B53-A5DE82864850}" = BitDefender Internet Security 2010
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.1 Free Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBD5129F-9656-4E28-890A-4D1D40906AC5}" = VideoWave 7 Professional
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F523EA0F-D930-4825-A69D-AC8407A4DFA0}" = TurboTax 2008 woriper
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Copernic Agent Professional" = Copernic Agent Professional
"Defraggler" = Defraggler (remove only)
"Digsby" = Digsby
"DynGate" = DynGate
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Estate Planner 2.0" = Estate Planner 2.0
"EULAlyzer_is1" = EULAlyzer v1.2
"ezLife" = ezLife browser enhancer
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"FrostWire" = FrostWire 4.18.1
"getPlus®_ocx" = getPlus®_ocx
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iLuminaPremiumStarter" = iLumina Gold Premium Starter
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"JAIELangPack" = Japanese Language Support
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"ObjectDock" = ObjectDock
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pretty Good Solitaire - Additional Card Sets_is1" = Pretty Good Solitaire - Additional Card Sets 11.0
"Pretty Good Solitaire 500_is1" = Pretty Good Solitaire 500 version 8.0.1
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"Quicken Business Lawyer 2001" = Quicken Business Lawyer 2001
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.83
"Sierra Utilities" = Sierra Utilities
"ST6UNST #1" = BibleDatabase
"TeamViewer 5" = TeamViewer 5
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"TurboTax 2008" = TurboTax 2008
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinSSHD" = Bitvise WinSSHD 4.27 (remove only)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xczyovujpvcekkav" = Performance Solution Hotrevenue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2010 2:43:12 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 2:43:12 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 2:45:18 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 2:45:18 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 3:12:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 3:12:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 3:12:37 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 3:12:37 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 4:43:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/7/2010 4:43:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 5/2/2010 10:53:31 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 5/2/2010 10:53:50 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/4/2010 4:26:22 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 5/4/2010 4:26:45 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/4/2010 5:28:48 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/5/2010 4:22:10 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 5/5/2010 4:22:37 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/5/2010 4:29:20 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 5/5/2010 4:29:42 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/7/2010 3:12:15 AM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058


< End of report >

--------------------------------------------------------------------------------------------------------------------------------------


OTL logfile created on: 5/9/2010 7:05:11 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 4320 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.38 Gb Total Space | 153.61 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive D: | 7.48 Gb Total Space | 0.48 Gb Free Space | 6.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 55.90 Gb Total Space | 49.59 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive H: | 488.98 Mb Total Space | 416.27 Mb Free Space | 85.13% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: STEVE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/07 01:38:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Downloads\OldTimersTool.exe
PRC - [2010/05/04 13:56:58 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\A-squared\a2service.exe
PRC - [2010/04/01 07:00:18 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 07:00:15 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/02/11 05:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 04:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/05 13:38:47 | 003,502,888 | ---- | M] (Bitvise) -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
PRC - [2008/04/13 17:12:32 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/04/30 02:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE
PRC - [2003/05/15 16:41:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/07 01:38:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Downloads\OldTimersTool.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/09 15:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/05/04 13:56:58 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/29 22:44:31 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\A-squared\a2service.exe -- (a2free)
SRV - [2010/04/01 07:00:15 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/02/11 04:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/05 13:38:47 | 003,502,888 | ---- | M] (Bitvise) [Auto | Running] -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD)
SRV - [2008/01/23 15:17:41 | 001,251,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/04/30 02:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4)
SRV - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01) EPSON V3 Service2(03)
SRV - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/04 13:57:00 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/04 13:57:00 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2010/05/04 13:57:00 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 13:56:56 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/04/01 07:00:15 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/03/20 10:34:03 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/03/20 10:34:03 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/03/20 10:34:03 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/15 13:21:16 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/01/15 13:21:16 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/01/15 13:21:16 | 000,034,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/10/04 14:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/06/29 15:31:46 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 01:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/05/11 15:32:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/12/09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/12/05 20:28:38 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/12/05 20:28:33 | 001,103,488 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2005/12/05 20:26:54 | 002,010,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/12/05 20:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 14:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/08 13:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:35:18 | 000,054,817 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004/06/08 13:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/01/27 19:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 19:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rewindamerica.org/HomePage.html
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [2010/04/21 09:57:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [2010/04/25 10:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/16 15:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/04/03 14:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/04/15 14:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/03/20 10:39:04 | 000,000,000 | ---D | M]

[2010/04/16 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/04/16 15:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/06 17:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/05/08 18:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions
[2009/11/06 15:43:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/29 12:30:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 21:31:35 | 000,000,000 | ---D | M] (ColorResults) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{20E2E952-0E3E-4b83-A1CE-5340C10F43A9}
[2010/02/14 02:00:17 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/02/18 19:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010/02/23 16:46:04 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/04/29 21:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\ClickCutterAutoSearch@clickcutter.com
[2010/04/18 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\keyscrambler@qfx.software.corporation
[2010/02/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\noia2_option@kk.noia
[2009/11/06 15:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\OPIE@guid.customsoftwareconsult.com
[2010/04/29 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\searchsite@DW-dev
[2010/02/18 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\silvermel@pardal.de
[2009/11/06 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions
[2009/11/06 15:34:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/06 15:34:15 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/06 17:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\SeaMonkey\Profiles\wmsnvx2q.default\extensions

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00E1DA10-54EF-4A74-B0ED-5CB0E6C45022} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hotrevenue browser enhancer) - {5C7541A3-5C52-0F93-9AB3-50841B5DF033} - C:\WINDOWS\system32\vhmtgdbwtnl.dll ()
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [fydgoqckktcgs] C:\WINDOWS\System32\vhmtgdbwtnl.dll ()
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2513264196-182807146-495379214-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.charter.com/diskless/bin/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} http://192.168.0.196:85/DVROcxEx.cab (DVROcxEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 14:37:22 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell - "" = AutoRun
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/08 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/08 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/07 01:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Malwarebytes Log
[2010/05/06 23:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/05/06 23:49:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 23:49:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 23:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/05/06 23:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/30 15:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/30 15:17:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/30 15:17:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/30 15:17:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/30 15:17:32 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/30 14:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ezLife
[2010/04/30 10:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\a-squared Free
[2010/04/30 10:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\A-squared
[2010/04/28 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/27 00:18:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\thawbrkr.dll
[2010/04/27 00:18:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/27 00:18:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/27 00:18:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2010/04/27 00:18:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2010/04/27 00:18:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/27 00:18:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2010/04/27 00:18:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/25 10:00:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/23 08:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Likno Software
[2010/04/22 20:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/04/22 09:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/21 07:47:50 | 000,000,000 | ---D | C] -- C:\SystemRoot
[2010/04/20 17:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/04/17 20:40:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/17 20:38:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/17 00:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Auto Maintenence
[2010/04/16 10:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ASIFlex
[2010/04/15 20:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\North Star Bible Camp
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/09 07:02:34 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/05/09 07:00:51 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\privacy.xml
[2010/05/09 07:00:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/09 07:00:06 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008UA.job
[2010/05/09 07:00:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 07:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 06:59:59 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 06:59:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/08 18:58:31 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bleeping Computer.doc
[2010/05/08 13:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/08 13:00:32 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{055FD4AE-75CC-4A4E-95CD-B522F2D56417}.job
[2010/05/07 22:42:08 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GMER.rtf
[2010/05/07 11:12:54 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/07 09:13:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008Core.job
[2010/05/07 00:44:56 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/05/04 13:56:56 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/05/02 19:21:58 | 000,550,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Queen.jpg
[2010/05/02 19:18:57 | 000,491,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bees.jpg
[2010/05/02 19:17:57 | 000,517,315 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\BeeHive.jpg
[2010/05/02 01:25:33 | 419,430,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Fort Knox.bvd
[2010/05/01 18:59:16 | 000,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/01 18:59:16 | 000,000,279 | ---- | M] () -- C:\boot.ini
[2010/05/01 18:59:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/01 16:14:49 | 000,108,861 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Spa.stx
[2010/05/01 13:38:24 | 000,125,517 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Medco.jpg
[2010/04/30 16:19:35 | 000,378,229 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #051.jpg
[2010/04/30 15:17:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/30 15:17:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/30 15:17:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/30 15:17:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/30 15:17:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/30 15:12:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/30 15:12:47 | 000,552,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/30 15:12:47 | 000,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 15:12:47 | 000,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 22:39:25 | 002,015,286 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010/04/29 21:41:55 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 15:03:34 | 000,173,754 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Privacy Policy Redline - March 26, 2010.pdf
[2010/04/28 08:21:22 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 08:00:12 | 000,044,906 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Membership Covenant.pdf
[2010/04/27 00:01:49 | 000,048,272 | ---- | M] () -- C:\WINDOWS\System32\xczyovujpvcekkav.exe
[2010/04/26 22:54:44 | 000,057,270 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #050 - 'Dual Authentication' - www_cascadecuhb_org_hbv3_2_hbID_challengeFrame_aspx.jpg
[2010/04/26 22:50:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Building the Web Site.doc
[2010/04/26 22:01:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/04/26 16:12:53 | 000,293,675 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grammy.jpg
[2010/04/26 14:13:36 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\ProductTweaks.xml
[2010/04/23 16:48:41 | 000,095,185 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Old Glory.jpg
[2010/04/23 16:47:12 | 000,098,582 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Percy Moran, The Birth of Old Glory (1917). Courtesy of the Library of Congress.jpg
[2010/04/23 16:35:20 | 000,051,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\image001.jpg
[2010/04/22 22:12:56 | 000,441,685 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MedcoNewPrescription.pdf
[2010/04/21 13:21:57 | 000,000,031 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2010/04/21 13:17:25 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/04/20 19:44:39 | 000,018,241 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.CSV
[2010/04/20 19:42:37 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.pst
[2010/04/20 19:39:55 | 000,038,491 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR
[2010/04/20 19:34:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/04/20 18:00:05 | 000,058,537 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jen.stx
[2010/04/20 17:32:31 | 000,000,748 | ---- | M] () -- C:\WINDOWS\CDFACE32.INI
[2010/04/20 17:29:43 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 17:27:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Books of the Bible Generic.xls
[2010/04/20 08:47:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/20 08:42:24 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/04/17 20:39:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/17 20:39:43 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 11:36:14 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\FAX ASIFlex.doc
[2010/04/14 16:31:58 | 005,913,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBS.wmv
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 18:58:31 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bleeping Computer.doc
[2010/05/08 12:53:56 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/07 22:42:07 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GMER.rtf
[2010/05/07 00:44:56 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/05/02 19:21:58 | 000,550,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Queen.jpg
[2010/05/02 19:18:57 | 000,491,670 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bees.jpg
[2010/05/02 19:17:57 | 000,517,315 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\BeeHive.jpg
[2010/05/01 16:14:49 | 000,108,861 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Spa.stx
[2010/05/01 13:37:27 | 000,125,517 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Medco.jpg
[2010/04/28 15:03:34 | 000,173,754 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Privacy Policy Redline - March 26, 2010.pdf
[2010/04/28 10:07:56 | 000,378,229 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #051.jpg
[2010/04/28 08:00:11 | 000,044,906 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Membership Covenant.pdf
[2010/04/27 19:09:51 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010/04/27 00:18:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/27 00:18:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/04/27 00:18:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/27 00:18:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010/04/27 00:18:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/27 00:18:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010/04/26 23:45:39 | 000,048,272 | ---- | C] () -- C:\WINDOWS\System32\xczyovujpvcekkav.exe
[2010/04/26 22:54:44 | 000,057,270 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #050 - 'Dual Authentication' - www_cascadecuhb_org_hbv3_2_hbID_challengeFrame_aspx.jpg
[2010/04/26 22:50:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Building the Web Site.doc
[2010/04/26 16:12:53 | 000,293,675 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grammy.jpg
[2010/04/23 16:48:41 | 000,095,185 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Old Glory.jpg
[2010/04/23 16:47:11 | 000,098,582 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Percy Moran, The Birth of Old Glory (1917). Courtesy of the Library of Congress.jpg
[2010/04/23 16:35:18 | 000,051,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\image001.jpg
[2010/04/20 19:40:55 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.pst
[2010/04/20 19:39:41 | 000,018,241 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.CSV
[2010/04/20 19:09:12 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/20 18:00:05 | 000,058,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jen.stx
[2010/04/20 17:27:20 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Books of the Bible Generic.xls
[2010/04/16 11:36:14 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\FAX ASIFlex.doc
[2010/04/14 16:31:56 | 005,913,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBS.wmv
[2010/04/08 00:12:14 | 000,297,984 | ---- | C] () -- C:\WINDOWS\System32\vbppoojc.dll
[2010/04/08 00:12:00 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\navhofcf.dll
[2010/03/17 06:14:48 | 000,496,128 | ---- | C] () -- C:\WINDOWS\System32\vhmtgdbwtnl.dll
[2009/08/27 19:53:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2009/06/29 15:31:46 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/16 14:54:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\DVRConfig.dll
[2008/08/24 21:34:31 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/07/16 14:46:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/23 07:34:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2008/04/19 20:57:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/10/24 17:25:51 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/24 17:20:54 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2007/10/09 14:14:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/10/07 15:09:26 | 000,000,160 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
[2007/09/29 19:34:40 | 000,000,603 | ---- | C] () -- C:\WINDOWS\FNTNSTLR.INI
[2007/09/29 18:42:44 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/31 06:41:54 | 000,000,748 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2007/08/31 06:41:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/08/31 06:41:52 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/07/30 13:40:26 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/14 16:45:16 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/14 16:45:16 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/14 16:45:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/20 15:35:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/05/20 15:35:28 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/05/20 15:34:10 | 000,000,539 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/05/12 18:00:23 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/05/12 18:00:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/12 17:55:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/05/12 17:54:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005/12/09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/12/09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/12/08 15:04:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 14:44:50 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/08 14:40:11 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/08 14:40:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/08 14:37:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/08 14:34:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 14:30:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/08 14:30:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/08 14:30:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/08 14:30:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/08 14:30:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/08 14:30:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/08 14:25:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/08 14:24:36 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/08 13:59:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/08 13:52:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/08 13:52:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/08 13:52:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/10/26 15:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/02/23 14:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 12:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\outlook.pst:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 00:28:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ugtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB0FF3AE4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB0FF3E4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB0FF513E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB0FF4868]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB0FF55C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB0FF3F98]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB0FF401A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB0FF468C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB0FF36E6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB0FF56C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB0FF82F4]
SSDT spdp.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spdp.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB0FF5804]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB0FF625C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB0FF477C]
SSDT spdp.sys ZwOpenKey [0xBA6A80C0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB0FF8046]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB0FF45AC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB0FF8174]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB0FF39E2]
SSDT spdp.sys ZwQueryKey [0xBA6C7108]
SSDT spdp.sys ZwQueryValueKey [0xBA6C6F88]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB0FF3EF0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwReplaceKey [0xB0FF5DBE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB0FF51CE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB0FF4F6A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRestoreKey [0xB0FF5E2E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB0FF5374]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB0FF37D6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSecurityObject [0xB0FF5D4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB0FF3BE8]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB0FF3944]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB0FF38A6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB0FF3DAC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB0FF7FB6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB0FF8402]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB0FF35E4]

INT 0x62 ? 8A761BF8
INT 0x73 ? 8A761BF8
INT 0x82 ? 8A761BF8
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 8050482C 4 Bytes CALL 9901476C
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [44, 39, FF, B0, A6, 38, FF, ...]
? spdp.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B96B78AC 5 Bytes JMP 8A1C14E0

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\A-squared\a2service.exe[608] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454E05 C:\Program Files\A-squared\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\WINDOWS\system32\SearchIndexer.exe[2480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352046 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FC7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35200B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F8D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352081 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352243 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 78FDCFC5 C:\WINDOWS\system32\vhmtgdbwtnl.dll
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!RtlCreateProcessParameters 7C922E99 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryW 7C832402 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spdp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spdp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spdp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spdp.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6F01F8

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \FileSystem\Fastfat \FatCdrom 89B79500

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbohci \Device\USBPDO-0 8A317500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7621F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7621F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7621F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7621F8
Device \Driver\usbohci \Device\USBPDO-1 8A317500
Device \Driver\usbehci \Device\USBPDO-2 8A2D5500

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6F31F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6F31F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 8A1AD500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6F31F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom1 8A1AD500
Device \Driver\usbstor \Device\00000090 898A8500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89D371F8
Device \Driver\usbstor \Device\00000091 898A8500
Device \Driver\NetBT \Device\NetbiosSmb 89D371F8
Device \Driver\usbstor \Device\00000092 898A8500
Device \Driver\usbstor \Device\00000085 898A8500
Device \Driver\usbstor \Device\00000093 898A8500
Device \Driver\usbstor \Device\00000087 898A8500

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbstor \Device\00000089 898A8500

AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\usbohci \Device\USBFDO-0 8A317500
Device \Driver\usbohci \Device\USBFDO-1 8A317500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89D281F8
Device \Driver\usbehci \Device\USBFDO-2 8A2D5500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89D281F8
Device \Driver\Ftdisk \Device\FtControl 8A6F31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3DDD79D0-1109-4A92-89CF-1C9AAA581CA8} 89D371F8
Device \FileSystem\Fastfat \Fat 89B79500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device \FileSystem\Cdfs \Cdfs 89B01500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EULZMGA0\background_gradientCA7YOHKN 453 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\KGKCIJLM\ErrorPageTemplateCANVIIW1 2168 bytes

---- EOF - GMER 1.0.15 ----

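Reading a hook table like the one above by eye is slow, and the useful triage step is mechanical: attribute every hook to the module that owns its target, drop GMER's duplicate "1 Byte [E9]" records, and look only at hooks that no known product accounts for. The following script is an added example for this thread, not GMER's code and not taken from the posted logs. It parses GMER 1.0.15's `.text` and `IAT` record formats; `SAMPLE_LOG` is constructed in that format, the hook into `hypothetical.dll` is invented to show what an unattributed detour looks like, and `KNOWN_VENDORS` is an assumed allow-list, not something GMER provides.

```python
"""Triage the hook records in a GMER log: attribute every hook to the module
that owns its target and flag the ones no known product accounts for.

Added example for this thread; not GMER's code and not from the posted logs.
SAMPLE_LOG is constructed in GMER 1.0.15's record format, the hypothetical.dll
hook is invented, and KNOWN_VENDORS is an assumed allow-list.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Inline hook:  .text <proc>[pid] <dll>!<api>[ + off] <addr> <n> Bytes JMP <target> <module> (<desc>)
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+(?:\s\+\s[0-9A-F]+)?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# User-mode IAT hook:  IAT <proc>[pid] @ <importing module> [<dll>!<api>] [<target>] <module> (<desc>)
USER_IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<importer>.+?)\s+\[(?P<api>[^\]]+)\]\s+"
    r"\[(?P<target>[0-9A-F]+)\]\s+(?P<rest>.*)$"
)
# Kernel IAT hook:  IAT <driver>[<dll>!<api>] [<target>] <module>
KERNEL_IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>[^\s\[]+)\[(?P<api>[^\]]+)\]\s+\[(?P<target>[0-9A-F]+)\]\s+(?P<rest>.*)$"
)
# "<module path> (<description>/<vendor>)"; GMER prints no parenthesis when the
# module carries no version resource.
MODULE_RE = re.compile(r"^(?P<module>.*?)(?:\s+\((?P<desc>.*)\))?$")

# Assumed allow-list for this example: substrings of the version-resource
# description that identify products known to hook these APIs legitimately.
KNOWN_VENDORS = ("BitDefender", "Logitech", "Microsoft")


@dataclass
class Hook:
    kind: str      # "inline", "user_iat" or "kernel_iat"
    process: str   # hooked process (or driver, for kernel IAT entries)
    api: str       # hooked export, e.g. "KERNEL32.dll!CreateFileA"
    module: str    # module owning the hook target; bare opcode such as "[E9]" if unresolved
    desc: str      # version-resource description, "" if GMER printed none
    verdict: str   # "known", "review", "unidentified" or "partial"


def _split_module(rest: str) -> Tuple[str, str]:
    m = MODULE_RE.match(rest.strip())
    return (m.group("module") or "").strip(), (m.group("desc") or "").strip()


def _verdict(module: str, desc: str) -> str:
    if not module or module.startswith("["):  # "1 Byte [E9]": opcode only, no target
        return "partial"
    if not desc:                               # no version info: needs corroboration
        return "unidentified"
    if any(v in desc for v in KNOWN_VENDORS):
        return "known"
    return "review"


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one GMER line; returns None for lines that are not hook records."""
    line = line.rstrip("\r\n")
    m = INLINE_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.startswith("JMP "):
            parts = rest.split(" ", 2)         # "JMP", target address, module (+ description)
            module, desc = _split_module(parts[2] if len(parts) == 3 else "")
        else:
            module, desc = rest, ""            # e.g. "[E9]"
        return Hook("inline", m.group("proc"), m.group("api"), module, desc, _verdict(module, desc))
    m = USER_IAT_RE.match(line)
    if m:
        module, desc = _split_module(m.group("rest"))
        return Hook("user_iat", m.group("proc"), m.group("api"), module, desc, _verdict(module, desc))
    m = KERNEL_IAT_RE.match(line)
    if m:
        module, desc = _split_module(m.group("rest"))
        return Hook("kernel_iat", m.group("proc"), m.group("api"), module, desc, _verdict(module, desc))
    return None


def triage(lines: List[str]) -> Tuple[Dict[str, int], List[Hook]]:
    """Count hooks per owning module and return the hooks that need an analyst."""
    hooks = [h for h in (parse_hook(l) for l in lines) if h]
    fully_reported = {(h.process, h.api) for h in hooks if h.verdict != "partial"}
    per_module: Dict[str, int] = Counter()
    flagged: List[Hook] = []
    for h in hooks:
        if h.verdict == "partial":
            # GMER lists the first overwritten byte as its own record; it is noise
            # when the full 5-byte JMP for the same export is reported as well.
            if (h.process, h.api) not in fully_reported:
                flagged.append(h)
            continue
        per_module[h.module] += 1
        if h.verdict != "known":
            flagged.append(h)
    return per_module, flagged


# Constructed sample in GMER 1.0.15's format; the hypothetical.dll hook is invented.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[412] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[412] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[412] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[412] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00A31F10 C:\WINDOWS\system32\hypothetical.dll
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdp.sys
---- Devices - GMER 1.0.15 ----
""".strip().splitlines()

if __name__ == "__main__":
    per_module, flagged = triage(SAMPLE_LOG)
    for module, n in per_module.most_common():
        print(f"{n:3d}  {module}")
    for h in flagged:
        print(f"{h.verdict:>12}  {h.kind:<10} {h.process} {h.api} -> {h.module}")
```

Run against the constructed sample, the BitDefender and Logitech hooks come out as "known" and only two records are flagged: the invented inline hook into a module with no version information, and the atapi.sys kernel IAT hook by spdp.sys. That second case is the one to note: a flagged hook is a prompt for corroboration, not a verdict. The log above shows the same spdp.sys entries together with `sptd\Cfg` registry values, the pairing a disc-emulation driver's SPTD layer usually leaves behind, and that is the kind of cross-check an analyst makes before calling a hook without a vendor string benign or hostile.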

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:02 AM

Posted 09 May 2010 - 12:16 PM

Hello again,

P2P WARNING
-------------------
Going over your logs I noticed that you have FrostWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall FrostWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#9 onceafireman

onceafireman
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Oregon
  • Local time:07:02 PM

Posted 09 May 2010 - 11:30 PM

Hi Elise,

I never did get the dialog box indicating that ComboFix was installed. However, after all was said and done, I have the ComboFix.txt for you.
Also, I uninstalled FrostWire as requested. It wasn't a program that was used very much anyway and, when used, I was very vigilant to scan any downloaded files. It is only because of the growing Malware and Spyware problem that I no longer feel secure using it. Thank you for the shove in the right direction.
I cannot include a screen shot that shows there are still 2 iexplorer.exe open when I am only using one. The good news is that it is no longer taking over. I don't hear music in the background either. Something worked!

-Steve



ComboFix 10-05-09.04 - HP_Administrator 05/09/2010 21:00:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1466 [GMT -7:00]
Running from: c:\downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\ezLife
c:\documents and settings\HP_Administrator\Application Data\ezLife\ezLife\log.xml
c:\program files\Mozilla Firefox\components\nsFFxSHot.xpt
c:\windows\desktop
c:\windows\desktop\Install America Online - Free Trial.lnk
c:\windows\system32\navhofcf.dll
c:\windows\system32\vbppoojc.dll
c:\windows\system32\vhmtgdbwtnl.dll
c:\windows\system32\xczyovujpvcekkav.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-09 01:18 . 2010-05-09 01:18 -------- d-----w- c:\program files\iPod
2010-05-09 01:18 . 2010-05-09 01:19 -------- d-----w- c:\program files\iTunes
2010-05-09 01:11 . 2010-05-09 01:11 -------- d-----w- c:\program files\Bonjour
2010-05-09 01:10 . 2010-05-09 01:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-07 06:50 . 2010-05-07 06:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-05-07 06:49 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 06:49 . 2010-05-07 06:50 -------- d-----w- c:\program files\Malwarebytes
2010-05-07 06:49 . 2010-05-07 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 06:49 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-30 22:17 . 2010-04-30 22:17 -------- d-----w- c:\program files\Common Files\Java
2010-04-30 17:11 . 2010-04-30 20:22 -------- d-----w- c:\program files\A-squared
2010-04-28 21:28 . 2010-04-28 21:28 -------- d-----w- c:\program files\Trend Micro
2010-04-28 15:53 . 2010-04-28 15:53 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-27 07:18 . 2004-08-10 13:00 185344 ----a-w- c:\windows\system32\thawbrkr.dll
2010-04-27 07:18 . 2004-08-10 13:00 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-04-27 07:18 . 2004-08-10 13:00 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2010-04-27 07:18 . 2004-08-10 13:00 10752 ------w- c:\windows\system32\c_iscii.dll
2010-04-27 07:18 . 2004-08-10 13:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-04-27 07:18 . 2004-08-10 13:00 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2010-04-27 07:18 . 2004-08-10 13:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-04-27 07:18 . 2004-08-10 13:00 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2010-04-25 17:00 . 2010-04-30 22:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 15:07 . 2010-04-23 15:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Likno Software
2010-04-23 03:17 . 2010-04-23 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2010-04-23 03:17 . 2010-04-22 15:21 152064 --s-a-r- c:\documents and settings\All Users\Application Data\InstallMate\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\_Setup.dll
2010-04-23 03:17 . 2010-04-08 00:52 240632 --s-a-r- c:\documents and settings\All Users\Application Data\InstallMate\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\TsuDll.dll
2010-04-23 03:17 . 2010-04-08 00:51 34808 --s-a-r- c:\documents and settings\All Users\Application Data\InstallMate\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\Setup.exe
2010-04-22 16:53 . 2010-04-22 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-04-21 14:47 . 2010-04-21 14:47 -------- d-----w- C:\SystemRoot
2010-04-21 00:59 . 2010-04-21 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-04-19 02:13 . 2009-10-05 19:34 796400 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
2010-04-18 03:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-18 03:39 . 2010-04-18 03:39 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-18 03:39 . 2010-04-18 03:39 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-18 03:39 . 2010-04-28 15:54 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-18 03:38 . 2010-04-18 03:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-18 03:38 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 03:54 . 2007-05-11 23:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-10 03:45 . 2009-12-21 04:00 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2010-05-10 00:56 . 2007-05-12 14:06 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-09 01:18 . 2008-07-16 22:02 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 20:56 . 2009-10-19 23:04 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-02 05:49 . 2010-03-25 23:45 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-01 23:30 . 2005-12-08 21:29 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-04-30 23:13 . 2007-05-11 23:18 -------- d-----w- c:\program files\Opera
2010-04-30 22:00 . 2005-12-08 21:02 -------- d-----w- c:\program files\Java
2010-04-30 05:44 . 2009-10-15 00:19 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-30 05:44 . 2009-10-15 00:19 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-30 05:44 . 2009-10-15 00:19 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-30 05:44 . 2009-10-15 00:19 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-30 05:44 . 2009-10-15 00:19 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-30 05:44 . 2009-10-15 00:19 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-30 05:44 . 2009-10-15 00:19 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-30 05:44 . 2009-10-15 00:19 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-28 15:55 . 2009-10-29 00:13 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-28 15:55 . 2009-10-15 00:19 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-28 15:55 . 2009-10-15 00:19 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-28 15:55 . 2009-10-29 00:13 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-28 15:55 . 2009-10-15 00:19 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-28 15:54 . 2009-10-29 00:13 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-28 15:54 . 2009-10-15 00:19 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-28 15:54 . 2009-10-15 00:19 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-28 15:54 . 2009-10-15 00:19 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-27 07:15 . 2009-10-15 00:13 -------- d-----w- c:\program files\Lavasoft
2010-04-27 07:14 . 2009-09-08 01:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-04-26 04:57 . 2007-06-09 23:50 -------- d-----w- c:\program files\CCleaner
2010-04-23 16:01 . 2010-01-05 04:47 -------- d-----w- c:\program files\iLuminaPremiumStarter
2010-04-23 03:17 . 2009-08-28 02:52 -------- d-----w- c:\program files\AllWebMenus5
2010-04-23 03:14 . 2009-08-26 01:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Likno
2010-04-21 20:22 . 2005-12-08 21:37 -------- d-----w- c:\program files\Quicken
2010-04-20 18:47 . 2007-08-28 03:08 -------- d-----w- c:\program files\Smileycons
2010-04-20 16:50 . 2005-12-08 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-20 16:46 . 2008-08-13 05:19 -------- d-----w- c:\program files\YPOPs
2010-04-19 02:12 . 2007-12-07 06:45 -------- d-----w- c:\program files\KeyScrambler
2010-04-18 03:39 . 2009-10-29 00:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-18 03:39 . 2009-10-29 00:13 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-18 03:39 . 2009-10-29 00:13 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-18 03:39 . 2009-10-15 02:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-18 03:39 . 2009-10-29 00:13 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-18 03:39 . 2009-10-29 00:13 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-16 22:41 . 2008-03-07 17:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Thunderbird
2010-04-14 19:18 . 2007-05-29 17:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 21:19 . 2010-04-03 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 21:13 . 2007-07-14 16:57 -------- d-----w- c:\program files\QuickTime
2010-04-03 21:04 . 2009-09-07 03:07 -------- d-----w- c:\program files\Safari
2010-04-03 21:01 . 2010-04-03 21:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-03 19:55 . 2010-04-03 19:55 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bf8d8ed-n\msvcp71.dll
2010-04-03 19:55 . 2010-04-03 19:55 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bf8d8ed-n\jmc.dll
2010-04-03 19:55 . 2010-04-03 19:55 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bf8d8ed-n\msvcr71.dll
2010-04-03 19:55 . 2010-04-03 19:55 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2611ffe5-n\decora-sse.dll
2010-04-03 19:55 . 2010-04-03 19:55 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2611ffe5-n\decora-d3d.dll
2010-04-01 14:00 . 2009-07-24 18:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-03-27 06:15 . 2007-09-19 01:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-25 23:45 . 2010-03-25 23:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org
2010-03-25 23:38 . 2010-03-25 23:38 -------- d-----w- c:\program files\JRE
2010-03-25 23:38 . 2010-03-25 23:38 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-21 05:19 . 2010-03-21 05:19 -------- d-----w- c:\program files\InfraRecorder
2010-03-20 17:34 . 2009-12-08 01:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-03-20 17:34 . 2009-12-08 01:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-03-20 17:25 . 2010-03-20 17:25 -------- d-----w- c:\program files\BitDefender
2010-03-20 17:25 . 2010-03-20 17:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitDefender
2010-03-20 17:25 . 2009-09-14 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-20 17:23 . 2009-09-14 14:37 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-11 12:38 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-04-02 14:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 19:13 . 2009-10-18 00:13 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-26 18:23 . 2009-09-15 20:29 4506256 ----a-w- c:\documents and settings\HP_Administrator\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2010-02-24 13:11 . 2004-08-10 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-10 19:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-10 19:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-10 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-10 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-01-09 16:20 . 2008-01-09 16:22 6732464 ----a-w- c:\program files\Thunderbird Setup 2.0.0.9.exe
2006-03-19 06:48 . 2007-05-11 20:49 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^digsby.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\digsby.lnk
backup=c:\windows\pss\digsby.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-14 22:53 133104 -----tw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 14:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 23:44 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-06-08 20:31 29696 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2005-12-07 17:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-02 00:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2005-12-07 17:33 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-12-09 22:32 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
2005-08-10 00:52 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSSHD Activation State Checker]
2008-09-05 20:38 451320 ----a-w- c:\program files\Bitvise WinSSHD\WinsshdActStateCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2/28/2010 10:40 PM 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/17/2010 8:40 PM 64288]
R2 a2free;a-squared Free Service;c:\program files\A-squared\a2service.exe [4/30/2010 10:11 AM 1872320]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [9/22/2009 8:22 AM 85128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1285864]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 4:42 AM 172328]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/7/2009 6:46 PM 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 4:04 PM 111312]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/6/2007 11:45 PM 115312]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 3:31 PM 717296]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/25/2008 2:12 AM 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 18:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 22:53]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-14 22:53]

2010-05-09 c:\windows\Tasks\User_Feed_Synchronization-{055FD4AE-75CC-4A4E-95CD-B522F2D56417}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rewindamerica.org/HomePage.html
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://192.168.0.196:85/DVROcxEx.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\
FF - prefs.js: browser.startup.homepage - hxxp://www.rewindamerica.org/HomePage.html
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{00E1DA10-54EF-4A74-B0ED-5CB0E6C45022} - (no file)
BHO-{5C7541A3-5C52-0F93-9AB3-50841B5DF033} - c:\windows\system32\vhmtgdbwtnl.dll
HKLM-Run-fydgoqckktcgs - c:\windows\system32\vhmtgdbwtnl.dll
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-DISCover - c:\program files\DISC\DISCover.exe
MSConfigStartUp-DiscUpdateManager - c:\program files\DISC\DiscUpdateMgr.exe
MSConfigStartUp-DSS - c:\windows\BBStore\DSS\dssagent.exe
MSConfigStartUp-ezLife - navhofcf.dll
MSConfigStartUp-fydgoqckktcgs - c:\windows\system32\vhmtgdbwtnl.dll
MSConfigStartUp-imjpmig - c:\ime\IMJP\imjpmig.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-SeaMonkey Quick Launch - c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
AddRemove-ezLife - c:\program files\ezLife\ezLife\1.4.6.0\uninstall.exe
AddRemove-xczyovujpvcekkav - c:\windows\system32\xczyovujpvcekkav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-09 21:13:38
ComboFix-quarantined-files.txt 2010-05-10 04:13

Pre-Run: 164,831,129,600 bytes free
Post-Run: 166,519,324,672 bytes free

- - End Of File - - 72CE36D0B3C8998B5D2CE24157E979E5

Edited by onceafireman, 10 May 2010 - 12:51 AM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:02 AM

Posted 10 May 2010 - 01:47 AM

Hello again, that is looking better already

A few things first: Please visit the Adobe website to download the latest version of Adobe Acrobat Reader (v. 9.3). Older versions have vulnerabilities that are known to be exploited by malware.

One of your drives was infected with an autorun threat. Please clean all your flash drives and other USB storage devices with Flash Disinfector.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder; it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by elise025, 10 May 2010 - 01:48 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
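Added example, not code from this thread, from Flash_Disinfector or from sUBs: the step above relies on the fact that a folder named autorun.inf at a drive root stops an autorun worm from dropping a file of that name there. The script below, run against a drive root such as E:\, reports whether autorun.inf is absent, is the protective folder, or is a real file (and, for a file, which [autorun] keys would launch a program), and creates the protective folder on a clean drive while refusing to overwrite a real autorun.inf so the evidence survives for analysis. The sample autorun.inf is constructed, and the hidden/system/read-only attribute set applied on Windows is an assumption about what Flash_Disinfector does, not taken from the tool.

```python
"""Check a drive root for autorun.inf and tell a protective folder from a
real autorun file. Added example; not Flash_Disinfector's own code."""
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# [autorun] keys that make Windows XP AutoRun launch a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command entries do the same through the Explorer context menu.
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample (shape of a typical worm-dropped autorun.inf, not a file
# from the thread). Mixed case, a junk line and CRLF endings are deliberate.
SAMPLE_INFECTED_AUTORUN = (
    "[AutoRun]\r\n"
    "Open=RECYCLER\\update.exe\r\n"
    "shell\\open\\Command=RECYCLER\\update.exe\r\n"
    "action=Open folder to view files\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    "\x00\x00junk that a strict INI parser would reject\r\n"
)


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section that launch code.
    Hand-rolled rather than configparser because real autorun.inf files often
    carry junk lines that a strict INI parser refuses."""
    launches = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_VERB_RE.match(key):
            launches.append((key, value))
    return launches


def find_autorun(root):
    """Locate autorun.inf at the drive root case-insensitively, as FAT/NTFS
    resolve it, so the check behaves the same on a case-sensitive host."""
    for entry in Path(root).iterdir():
        if entry.name.lower() == "autorun.inf":
            return entry
    return None


def classify_autorun(root):
    """Verdict for one drive root: 'absent', 'protected' (folder) or 'file'."""
    p = find_autorun(root)
    if p is None:
        return {"state": "absent", "launches": []}
    if p.is_dir():
        return {"state": "protected", "launches": []}
    text = p.read_text(encoding="latin-1", errors="replace")
    return {"state": "file", "launches": parse_autorun(text)}


def install_protective_folder(root):
    """Create a folder named autorun.inf so no file of that name can be
    dropped at the root. Returns True if created, False if already present.
    Refuses to touch an existing autorun.inf *file*: that is evidence."""
    p = Path(root) / "autorun.inf"
    if p.is_dir():
        return False
    if p.exists():
        raise FileExistsError(f"{p} is a file; inspect it before replacing")
    p.mkdir()
    if sys.platform == "win32":
        # Assumed attribute set, modelled on what the post says the tool does.
        subprocess.run(["attrib", "+h", "+s", "+r", str(p)], check=False)
    return True


def run_demo():
    """Exercise the three cases on temp directories standing in for roots."""
    states = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        states["clean"] = classify_autorun(root)["state"]
        (root / "autorun.inf").write_text(SAMPLE_INFECTED_AUTORUN)
        states["infected"] = classify_autorun(root)
        try:
            install_protective_folder(root)
        except FileExistsError:
            states["refused_overwrite"] = True
        (root / "autorun.inf").unlink()  # analyst has removed the file
        states["created"] = install_protective_folder(root)
        states["after"] = classify_autorun(root)["state"]
        states["again"] = install_protective_folder(root)
    return states


if __name__ == "__main__":
    # Usage: python check_autorun.py E:\   (no argument runs the demo)
    print(classify_autorun(sys.argv[1]) if len(sys.argv) > 1 else run_demo())
```

A verdict of "file" with any launch entries is the case worth escalating: the listed value is the program the drive would start on insertion, and its path usually points at a hidden folder on the same stick.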


#11 onceafireman

onceafireman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Oregon
  • Local time:07:02 PM

Posted 10 May 2010 - 12:44 PM

Hi Elise,

Attached you will find a Word document that has the "Print Screen" results for Malwarebytes. I'm a little hesitant to remove everything because it may affect the way Ad-aware functions. After looking it over, do you still want me to remove the checked items?

-Steve


Attached Files



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:02 AM

Posted 10 May 2010 - 12:51 PM

Hello again, no worries, have another look at the detections and you'll see it doesn't say "AdAware" but "Adware", which is a malware category.

Please remove all and post me the log afterwards

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#13 onceafireman

onceafireman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Location:Oregon
  • Local time:07:02 PM

Posted 10 May 2010 - 01:06 PM

Hi Elise,

Below is the Malwarebytes log you requested. Thank you for setting me straight that it was not Ad-aware I was looking at. Also, FYI, my Adobe Reader is the most current version. I think you may have been looking at Adobe Acrobat 7 Professional?

Thank you again for all your work,

-Steve

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4086

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/10/2010 10:55:14 AM
mbam-log-2010-05-10 (10-55-14).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|N:\|)
Objects scanned: 319988
Time elapsed: 1 hour(s), 46 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\navhofcf.dll.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vbppoojc.dll.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xczyovujpvcekkav.exe.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\A0004891.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP29\A0006243.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014385.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014394.exe (Adware.EZlife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014427.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014428.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014430.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014395.exe (Adware.EZlife) -> Quarantined and deleted successfully.

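A small parser for the Malwarebytes log format posted above, added here as an example (it is not a tool from this thread or from Malwarebytes). It tallies detections per family, flags hits inside System Restore points, and cross-checks the summary counts against the listed items; the sample excerpt is constructed from lines of that log.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Malwarebytes' Anti-Malware log
# quoted in the post above (item lines copied from that log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4086

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\navhofcf.dll.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP29\A0006243.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP32\A0014385.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, detections): summary-block counts per section,
    and one dict (section, item, family, action) per listed detection."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:                                   # e.g. "Files Infected: 3"
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith("Infected:"):          # start of a detail section
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:                       # "(No malicious items detected)" does not match
            detections.append({"section": section, **m.groupdict()})
    return declared, detections


def summarize(detections):
    """Count detections per family and list hits inside System Restore points."""
    by_family = Counter(d["family"] for d in detections)
    restore_points = [d["item"] for d in detections
                      if "\\System Volume Information\\_restore" in d["item"]]
    return by_family, restore_points


def check_counts(declared, detections):
    """Sections whose summary count disagrees with the items listed (a sign of a
    truncated or edited log); empty dict means the log is consistent."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}
```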

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:02 AM

Posted 10 May 2010 - 01:10 PM

Hi Steve, yes you are right about Acrobat, sorry for that

Any problems left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise



#15 onceafireman

onceafireman
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon
  • Local time:07:02 PM

Posted 10 May 2010 - 02:02 PM

Hi Elise,

Attached is a screen shot of the task manager. Everything seems to be working great right now and I am wondering if there is supposed to be 2 iexplore.exe's left in the task mgr? I have never noticed that before, but maybe it has always been that way.
Unless you feel that I still have something plaguing my computer, I will call it a day, let you move on to someone else and thank you so much for all you have done to help clean this thing out. You are very good at what you do and are very much appreciated.

Take care,

-Steve
