Old 02-14-2007, 10:48 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


HJT checkup

Hello, I have been getting connection problems on my PC game, not sure if it's the game or my computer (getting weird since Bitdefender was installed) so here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:11 PM, on 2/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack Log\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com...prodid=nav2005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [RegisterDaysRemind] c:\\hp\\bin\\spawn.exe c:\\windows\\system32\\pcintro\\autorun.exe c:\\windows\\system32\\pcintro\\remind.cmd Register7d.html
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F77D10-3691-4DDF-A282-1D839BEDB538}: NameServer = 68.87.72.130,68.87.77.130
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Sledesma1 is offline  

Old 02-16-2007, 03:58 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


Bump.
Sledesma1 is offline  
Old 02-17-2007, 06:56 PM   #3 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


Bump.
Sledesma1 is offline  
Old 02-18-2007, 08:28 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by Glaswegian; 02-18-2007 at 12:46 PM. Reason: No need for additional parts of the post at this time.
forhockey is offline  
Old 02-18-2007, 09:47 PM   #5 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate


Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear.
The absence of symptoms does not mean that everything is clean.

Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, the more it increases the likelihood of any additional infections coming into your computer.


---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Download and install CCleaner: http://www.ccleaner.com/ccdownload.asp

*Note* On the install please uncheck the option "Add CCleaner Yahoo toolbar and use CCleaner from within IE"

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once that's done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entries it's removing so please do so. If it removes anything important, just locate the .reg file you saved and double click on it to add the entries back.

Close the program.

---------------------------------------------------------------------------------------------

Ad-Aware's AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
  • Unless they are turned off they could interfere with the fix by HijackThis.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account

Note: On some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it's important that all windows must be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).


---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Download ComboScan to your Desktop.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - ComboScan.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  6. Please attach Supplementary.txt to your post.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Log
Panda results
ComboScan.txt
Supplementary.txt - Please Attach
forhockey is offline  
Old 02-19-2007, 07:38 PM   #6 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:37:52 PM 2/19/2007

+ Scan result:



C:\Documents and Settings\HP_Administrator\My Documents\Mugen Ultimate Collection\Misc MUGEN files\gca_v09k.exe -> Trojan.Regspy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0001406.exe -> Trojan.Regspy : Cleaned with backup (quarantined).


::Report end

Incident | Status | Location
Potentially unwanted tool:Application/KillApp.B | Not disinfected | C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC | Not disinfected | C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL

ComboScan v20070212.14 run by HP_Administrator on 2007-02-19 at 20:20:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as HP_Administrator.com) ---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:21:08 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\YME6L0KY\comboscan[1].exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~nemaphw.tmp\HP_Administrator.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com...prodid=nav2005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F77D10-3691-4DDF-A282-1D839BEDB538}: NameServer = 68.87.72.130,68.87.77.130
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys
3 aracpi - system32\DRIVERS\aracpi.sys
3 arhidfltr (MS Ar HID Filter Driver) - system32\DRIVERS\arhidfltr.sys
3 arkbcfltr (Microsoft PS2 Keyboard Filter) - system32\DRIVERS\arkbcfltr.sys
3 armoucfltr (Microsoft PS2 Mouse Filter) - system32\DRIVERS\armoucfltr.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
3 ARPolicy - system32\DRIVERS\arpolicy.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
0 bb-run (Promise driver accelerator) - system32\DRIVERS\bb-run.sys
3 bdfdll - \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
3 BDFSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
2 BDRSDRV - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
0 ftsata2 - system32\DRIVERS\ftsata2.sys
0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - system32\DRIVERS\gagp30kx.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HSFHWBS2 - system32\DRIVERS\HSFHWBS2.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
0 iaStor (Intel RAID Controller) - system32\DRIVERS\iaStor.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 MHNDRV (MHN driver) - system32\DRIVERS\mhndrv.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
3 Ps2 - system32\DRIVERS\PS2.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - system32\DRIVERS\sisnic.sys
0 sptd - System32\Drivers\sptd.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys
3 usbstor (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
0 ViaIde - system32\DRIVERS\viaide.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 ARSVC - C:\WINDOWS\arservice.exe
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 bdss (BitDefender Scan Server) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2 ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
3 Fax - %systemroot%\system32\fxssvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2 LIVESRV (BitDefender Desktop Update Service) - "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
0 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 VSSERV (BitDefender Virus Shield) - "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 XCOMM (BitDefender Communicator) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-15 20:30:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-19 and 2007-02-19 ------------------------------

2007-02-19 18:44:45 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-19 18:44:43 0 d-------- C:\WINDOWS\LastGood
2007-02-19 14:40:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-18 23:13:27 0 d-------- C:\Program Files\CCleaner
2007-02-18 23:09:54 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-18 23:09:46 0 d-------- C:\Program Files\Grisoft
2007-02-13 15:56:57 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-13 15:52:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2007-02-13 15:52:21 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech<LEADER~1>
2007-02-13 15:50:12 0 d-------- C:\Program Files\Greetings Workshop<GREETI~1>
2007-02-09 16:52:34 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-02-07 20:56:10 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-02-07 20:17:32 0 d-------- C:\Program Files\TurboTax
2007-02-07 20:17:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield<INSTAL~1>
2007-02-06 19:46:17 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender<BITDEF~1>
2007-02-06 19:32:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender<BITDEF~1>
2007-02-06 19:21:34 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-06 19:12:15 0 d-------- C:\Hijack Log<HIJACK~1>
2007-02-05 22:49:13 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2007-02-05 22:47:59 0 d-------- C:\Program Files\VideoLAN
2007-02-05 21:42:16 0 d-------- C:\WINDOWS\Sun
2007-02-05 21:42:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sun
2007-02-05 18:35:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2007-02-05 18:29:08 0 d-------- C:\temp
2007-02-05 18:22:16 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2007-02-05 16:55:42 0 d--hs---- C:\RECYCLER
2007-02-05 16:55:22 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-02-03 23:16:24 0 d-------- C:\Boot
2007-02-03 19:02:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-03 18:39:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-02-02 23:00:56 0 d-------- C:\Program Files\OpenSource Flash Video Splitter<OPENSO~1>
2007-02-02 22:11:52 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-02-02 22:08:55 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\DivX
2007-02-02 21:49:03 0 d-------- C:\Program Files\Trillian
2007-02-02 20:51:13 2560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:13 2432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys<Unsigned: Sonic Solutions>
2007-02-02 20:51:12 129784 --a------ C:\WINDOWS\system32\pxafs.dll<Signed: Sonic Solutions>
2007-02-02 20:50:59 0 d-------- C:\Program Files\DivX
2007-02-02 19:27:21 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-02 19:26:23 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-02 19:20:59 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-02 19:17:53 0 d--hs---- C:\Documents and Settings\HP_Administrator\UserData
2007-02-02 19:12:28 0 d-------- C:\WINDOWS\WBEM
2007-02-02 19:12:27 0 d-------- C:\WINDOWS\system32\en-US
2007-02-02 19:11:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-02-02 19:11:18 0 d-------- C:\Program Files\uTorrent
2007-02-02 19:11:16 0 d--h---c- C:\WINDOWS\ie7
2007-02-02 19:10:22 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-02 19:09:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-02 19:07:49 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-02 19:07:47 0 d-------- C:\46be12e08c1c346fe4b659c421d678<46BE12~1>
2007-02-02 18:55:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2007-02-02 18:55:42 0 d-------- C:\Program Files\Lavasoft
2007-02-02 18:35:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:35:00 0 d-------- C:\Program Files\iPod
2007-02-02 18:34:57 0 d-------- C:\Program Files\iTunes
2007-02-02 18:34:27 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-02 18:34:17 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-02 18:34:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-02 18:16:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2007-02-02 18:16:26 308 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-02 17:44:24 1168 --a------ C:\WINDOWS\mozver.dat
2007-02-02 17:42:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-02 17:41:55 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-02 17:13:35 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-02 14:46:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InterVideo<INTERV~1>
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-02-02 14:41:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2007-02-02 14:37:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 14:37:25 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2007-02-02 14:37:25 2621440 --ah----- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2007-02-02 14:37:08 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Intuit
2007-02-02 14:36:40 0 d-------- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 13:17:20 0 d--h----- C:\WINDOWS\PIF
2007-02-02 12:57:36 0 d-------- C:\WINDOWS\Prefetch
2007-02-02 12:56:42 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2007-02-02 12:43:59 0 dr-hs---- C:\cmdcons
2007-02-02 12:43:58 0 d-------- C:\WINDOWS\setup.pss
2007-02-02 12:43:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-02 12:43:45 0 d-------- C:\WINDOWS\setupupd
2007-02-02 11:44:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-02 11:33:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-02-02 11:32:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-02 11:29:36 0 d-------- C:\Program Files\Google
2007-02-02 11:25:04 0 d-------- C:\Program Files\PC-Doctor for DOS<PC-DOC~2>
2007-02-02 11:24:59 22396 --a------ C:\WINDOWS\system32\drivers\USBkey.sys<Unsigned: n/a>
2007-02-02 11:24:59 13440 --a------ C:\WINDOWS\system32\drivers\pcdrndisuio.sys<PCDRND~1.SYS><Unsigned: Windows (R) 2000 DDK provider>
2007-02-02 11:24:41 0 d-------- C:\Program Files\PC-Doctor 5 for Windows<PC-DOC~1>
2007-02-02 11:22:03 0 d-------- C:\WINDOWS\HPCPCUninstall-9972322<HPCPCU~1>
2007-02-02 11:21:52 0 d-------- C:\Program Files\Updates from HP<UPDATE~1>
2007-02-02 11:21:28 0 d-a------ C:\WINDOWS\system32\pcintro
2007-02-02 11:21:08 36864 --a------ C:\WINDOWS\system32\fpalsu.dll<Unsigned: Hewlett-Packard Company>
2007-02-02 11:21:08 14314 --a------ C:\WINDOWS\system32\CHODDI.SYS<Unsigned: n/a>
2007-02-02 11:21:06 40960 --a------ C:\WINDOWS\system32\omano.dll<Unsigned: Hewlett-Packard>
2007-02-02 11:21:03 45056 --a------ C:\WINDOWS\system32\hpreg.dll<Unsigned: n/a>
2007-02-02 11:18:21 1613824 --a------ C:\WINDOWS\system32\cdintf250.dll<CDINTF~1.DLL><Unsigned: Amyuni Technologies>
2007-02-02 11:18:13 0 d-------- C:\Program Files\Common Files\Palo Alto Software<PALOAL~1>
2007-02-02 11:18:09 0 d-------- C:\Program Files\Common Files\Intuit
2007-02-02 11:18:06 0 d-------- C:\Program Files\Quicken
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-02-02 11:18:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-02-02 11:17:50 0 d-a------ C:\Program Files\TurboTax Online<TURBOT~1>
2007-02-02 11:17:36 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe<Signed: Sonic Solutions>
2007-02-02 11:17:36 116472 --a------ C:\WINDOWS\system32\pxcpyi64.exe<Signed: Sonic Solutions>
2007-02-02 11:16:46 0 d-------- C:\Program Files\Common Files\muvee Technologies<MUVEET~1>
2007-02-02 11:16:45 0 d-------- C:\Program Files\muvee Technologies<MUVEET~1>
2007-02-02 11:15:39 266240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll<SHELLV~2.DLL><Unsigned: XSS>
2007-02-02 11:15:39 237568 --a------ C:\WINDOWS\system32\ShellvRTF.dll<SHELLV~1.DLL><Unsigned: XSS>
2007-02-02 11:15:38 0 d-------- C:\WINDOWS\CREATOR
2007-02-02 11:15:34 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-02-02 11:14:47 17920 --a------ C:\WINDOWS\system32\mdimon.dll<Unsigned: Microsoft Corporation>
2007-02-02 11:14:10 0 d-------- C:\Program Files\Common Files\L&H
2007-02-02 11:14:05 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-02 11:13:48 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-02 11:13:41 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-02 11:13:26 0 dr-h----- C:\MSOCache
2007-02-02 11:12:48 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-02-02 11:11:48 0 d-------- C:\Program Files\Microsoft Money 2005<MICROS~2>
2007-02-02 11:11:31 0 d-a------ C:\Program Files\IntelliMoverDemo<INTELL~1>
2007-02-02 11:11:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-02 11:11:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-02 11:10:20 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll<IV828C~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll<IV760B~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll<IVIRES~4.DLL><Unsigned: n/a>
2007-02-02 11:10:20 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll<IVIRES~3.DLL><Unsigned: n/a>
2007-02-02 11:10:20 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll<IVIRES~2.DLL><Unsigned: n/a>
2007-02-02 11:10:20 20480 --a------ C:\WINDOWS\system32\IVIresize.dll<IVIRES~1.DLL><Unsigned: n/a>
2007-02-02 11:10:20 0 d-------- C:\Program Files\Common Files\InterVideo<INTERV~1>
2007-02-02 11:10:13 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-02 11:09:59 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-02 11:09:28 0 d-a------ C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-02-02 11:08:51 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-02 11:08:37 0 d-------- C:\Program Files\Common Files\TiVo Shared<TIVOSH~1>
2007-02-02 11:04:57 0 d-------- C:\Program Files\WildTangent<WILDTA~1>
2007-02-02 11:04:23 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-02 11:04:20 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-02 11:04:16 0 d-------- C:\Program Files\Sonic
2007-02-02 11:03:29 45929 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE><Unsigned: n/a>
2007-02-02 11:03:16 0 d-------- C:\Program Files\Netscape
2007-02-02 11:03:09 0 d-------- C:\Program Files\Rhapsody
2007-02-02 11:02:57 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-02 11:02:51 0 d-------- C:\Program Files\Real
2007-02-02 11:02:50 0 d-------- C:\Program Files\Common Files\Real
2007-02-02 11:02:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-02-02 11:02:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation<DIGITA~1>
2007-02-02 11:02:10 0 d-------- C:\Program Files\MSN Encarta Standard<MSNENC~1>
2007-02-02 11:00:11 90112 --a------ C:\WINDOWS\system32\ps2.EXE<Signed: Hewlett-Packard Company>
2007-02-02 11:00:05 90112 --a------ C:\WINDOWS\system32\ps2.bat
2007-02-02 11:00:05 19072 --a------ C:\WINDOWS\system32\drivers\PS2.sys<Signed: Hewlett-Packard Company>
2007-02-02 10:58:10 4011 --a------ C:\WINDOWS\hphmdl08.dat
2007-02-02 10:58:10 80417 --a------ C:\WINDOWS\HPHins08.dat
2007-02-02 10:57:13 0 --a------ C:\WINDOWS\hpimdl01.dat
2007-02-02 10:57:13 72881 --a------ C:\WINDOWS\hpiins01.dat
2007-02-02 10:55:49 21124 --a------ C:\WINDOWS\hpomdl07.dat
2007-02-02 10:55:49 112873 --a------ C:\WINDOWS\hpoins07.dat
2007-02-02 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-02-02 10:55:00 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-02 10:55:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-02-02 10:54:37 0 d-------- C:\Program Files\Common Files\HP
2007-02-02 10:53:18 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-02 10:53:05 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll<Signed: HP>
2007-02-02 10:53:05 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll<Signed: HP>
2007-02-02 10:53:05 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll<Signed: HP>
2007-02-02 10:53:05 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe<Signed: HP>
2007-02-02 10:53:05 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe<Signed: HP>
2007-02-02 10:53:05 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll<Signed: HP>
2007-02-02 10:52:45 0 d-------- C:\Program Files\HP
2007-02-02 10:52:41 5389 --a------ C:\WINDOWS\hpomdl06.dat
2007-02-02 10:52:41 88403 --a------ C:\WINDOWS\hpoins06.dat
2007-02-02 10:51:46 0 d-------- C:\WINDOWS\system32\FxsTmp
2007-02-02 10:51:05 0 d-------- C:\Program Files\CONEXANT
2007-02-02 10:49:00 36352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys<Signed: Advanced Micro Devices>
2007-02-02 10:48:48 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll<Signed: Conexant>
2007-02-02 10:48:48 39018 --a------ C:\WINDOWS\system32\hsfci012.dll<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 13059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys<Signed: Conexant>
2007-02-02 10:48:48 220928 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 1038208 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:48 703232 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys<Signed: Conexant Systems, Inc.>
2007-02-02 10:48:31 74496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys<Signed: Realtek Semiconductor Corporation >
2007-02-02 10:48:16 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-02 10:48:16 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-02 10:48:13 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-02 10:48:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-02 10:47:50 599552 --a------ C:\WINDOWS\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:50 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 17408 --a------ C:\WINDOWS\system32\atitvo32.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:50 106496 --a------ C:\WINDOWS\system32\atipdlxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:50 4718592 --a------ C:\WINDOWS\system32\atioglxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 1313792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 40960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 147456 --a------ C:\WINDOWS\system32\atikvmag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 104361 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-02 10:47:49 258048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 2408800 --a------ C:\WINDOWS\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2007-02-02 10:47:49 25088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 376832 --a------ C:\WINDOWS\system32\ati2evxx.exe<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 46080 --a------ C:\WINDOWS\system32\ati2evxx.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 39936 --a------ C:\WINDOWS\system32\ati2edxx.dll<Signed: ATI Technologies, Inc.>
2007-02-02 10:47:49 238592 --a------ C:\WINDOWS\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:47:49 233472 --a------ C:\WINDOWS\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2007-02-02 10:43:47 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-02 10:42:50 52736 --a------ C:\WINDOWS\system\hpsysdrv.exe<Unsigned: Hewlett-Packard Company>
2007-02-02 10:40:49 786944 --a------ C:\WINDOWS\system32\RDBios32.dll<Unsigned: Hewlett Packard>
2007-02-02 10:40:49 532480 --a------ C:\WINDOWS\system32\cPC_DMIRD.dll<CPC_DM~1.DLL><Unsigned: Hewlett Packard>
2007-02-02 10:40:10 0 d-------- C:\Program Files\Java
2007-02-02 10:40:10 0 d-------- C:\Program Files\Common Files\Java
2007-02-02 10:38:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
2007-02-02 10:37:05 306688 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-02 10:35:40 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-02 10:33:24 0 d-------- C:\Program Files\GemMaster<GEMMAS~1>
2007-02-02 10:31:20 0 d-------- C:\WINDOWS\system32\URTTemp
2007-02-02 10:29:18 40832 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys<Signed: Creative Technology Ltd.>
2007-02-02 10:27:00 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-02 09:22:38 0 d-------- C:\WINDOWS\I386
2007-02-02 09:20:40 0 d-------- C:\Program Files<PROGRA~1>
2007-02-02 09:20:38 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-02 09:04:58 0 dr--s---- C:\WINDOWS\assembly
2007-02-02 09:04:56 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-02 09:04:42 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-02-01 22:55:51 707 --a------ C:\WINDOWS\_default.pif
2007-02-01 22:55:15 13312 --a------ C:\WINDOWS\system32\win87em.dll<Signed: n/a>
2007-02-01 22:55:14 18432 --a------ C:\WINDOWS\system32\win.com
2007-02-01 22:55:06 1129 --a------ C:\WINDOWS\system32\vwipxspx.exe<Signed: n/a>
2007-02-01 22:55:03 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-01 22:54:58 25600 --a------ C:\WINDOWS\twunk_32.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 49680 --a------ C:\WINDOWS\twunk_16.exe<Signed: Twain Working Group>
2007-02-01 22:54:58 50688 --a------ C:\WINDOWS\twain_32.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 94784 --a------ C:\WINDOWS\twain.dll<Signed: Twain Working Group>
2007-02-01 22:54:58 15360 --a------ C:\WINDOWS\system32\tsd32.dll<Signed: n/a>
2007-02-01 22:54:57 11264 --a------ C:\WINDOWS\system32\tree.com
2007-02-01 22:52:55 679936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-02-01 22:52:55 14336 --a------ C:\WINDOWS\system32\ssstars.scr
2007-02-01 22:52:55 610304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-02-01 22:52:55 18944 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-02-01 22:52:55 47104 --a------ C:\WINDOWS\system32\ssmypics.scr
2007-02-01 22:52:55 20992 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-02-01 22:52:55 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-02-01 22:52:54 19968 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-02-01 22:52:54 704512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-02-01 22:52:52 24661 --a------ C:\WINDOWS\system32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-01 22:52:27 14848 --a------ C:\WINDOWS\system32\slbrccsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 98304 --a------ C:\WINDOWS\system32\slbiop.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:27 306176 --a------ C:\WINDOWS\system32\slbcsp.dll<Signed: Schlumberger Technology Corporation>
2007-02-01 22:52:23 882 --a------ C:\WINDOWS\system32\share.exe<Signed: n/a>
2007-02-01 22:52:22 11753 --a------ C:\WINDOWS\system32\setver.exe<Signed: n/a>
2007-02-01 22:52:20 27440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys<Signed: n/a>
2007-02-01 22:52:19 9216 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-02-01 22:52:19 10240 --a------ C:\WINDOWS\system32\scriptpw.dll<Signed: n/a>
2007-02-01 22:52:18 291840 --a------ C:\WINDOWS\system32\sbe.dll<Signed: n/a>
2007-02-01 22:52:15 49152 --a------ C:\WINDOWS\system32\rsm.exe<Signed: Microsoft Corp>
2007-02-01 22:52:12 397824 --a------ C:\WINDOWS\system32\regwizc.dll<Signed: Microsoft>
2007-02-01 22:52:12 4608 --a------ C:\WINDOWS\system32\regwiz.exe<Signed: Microsoft>
2007-02-01 22:52:11 3338 --a------ C:\WINDOWS\system32\redir.exe<Signed: n/a>
2007-02-01 22:52:08 1287680 --a------ C:\WINDOWS\system32\quartz.dll<Signed: n/a>
2007-02-01 22:52:07 733696 --a------ C:\WINDOWS\system32\qedwipes.dll<Signed: n/a>
2007-02-01 22:52:06 562176 --a------ C:\WINDOWS\system32\qedit.dll<Signed: n/a>
2007-02-01 22:52:06 385024 --a------ C:\WINDOWS\system32\qdvd.dll<Signed: n/a>
2007-02-01 22:52:06 279040 --a------ C:\WINDOWS\system32\qdv.dll<Signed: n/a>
2007-02-01 22:52:06 192512 --a------ C:\WINDOWS\system32\qcap.dll<Signed: n/a>
2007-02-01 22:52:06 3708 --a------ C:\WINDOWS\system32\pubprn.vbs
2007-02-01 22:52:06 17792 --a------ C:\WINDOWS\system32\drivers\ptilink.sys<Signed: Parallel Technologies, Inc.>
2007-02-01 22:51:53 15860 --a------ C:\WINDOWS\system32\prnqctl.vbs
2007-02-01 22:51:53 29454 --a------ C:\WINDOWS\system32\prnport.vbs
2007-02-01 22:51:53 32546 --a------ C:\WINDOWS\system32\prnmngr.vbs
2007-02-01 22:51:53 21527 --a------ C:\WINDOWS\system32\prnjobs.vbs
2007-02-01 22:51:53 25415 --a------ C:\WINDOWS\system32\prndrvr.vbs
2007-02-01 22:51:53 35755 --a------ C:\WINDOWS\system32\prncnfg.vbs
2007-02-01 22:51:51 272128 --a------ C:\WINDOWS\system32\perfi009.dat
2007-02-01 22:51:51 28626 --a------ C:\WINDOWS\system32\perfd009.dat
2007-02-01 22:51:43 4490 --a------ C:\WINDOWS\system32\oembios.dat
2007-02-01 22:51:28 3252 --a------ C:\WINDOWS\system32\nw16.exe<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio804.sys<Signed: n/a>
2007-02-01 22:51:22 35424 --a------ C:\WINDOWS\system32\ntio412.sys<Signed: n/a>
2007-02-01 22:51:22 35648 --a------ C:\WINDOWS\system32\ntio411.sys<Signed: n/a>
2007-02-01 22:51:22 34560 --a------ C:\WINDOWS\system32\ntio404.sys<Signed: n/a>
2007-02-01 22:51:22 33840 --a------ C:\WINDOWS\system32\ntio.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos804.sys<Signed: n/a>
2007-02-01 22:51:21 29274 --a------ C:\WINDOWS\system32\ntdos412.sys<Signed: n/a>
2007-02-01 22:51:21 29370 --a------ C:\WINDOWS\system32\ntdos411.sys<Signed: n/a>
2007-02-01 22:51:21 29146 --a------ C:\WINDOWS\system32\ntdos404.sys<Signed: n/a>
2007-02-01 22:51:21 27866 --a------ C:\WINDOWS\system32\ntdos.sys<Signed: n/a>
2007-02-01 22:51:17 741 --a------ C:\WINDOWS\system32\noise.dat
2007-02-01 22:51:17 7052 --a------ C:\WINDOWS\system32\nlsfunc.exe<Signed: n/a>
2007-02-01 22:50:35 94282 --a------ C:\WINDOWS\system32\msencode.dll<Signed: n/a>
2007-02-01 22:50:34 4126 --a------ C:\WINDOWS\system32\msdxmlc.dll<Signed: n/a>
2007-02-01 22:50:34 14336 --a------ C:\WINDOWS\system32\msdmo.dll<Signed: n/a>
2007-02-01 22:50:33 817 --a------ C:\WINDOWS\system32\mscdexnt.exe<Signed: n/a>
2007-02-01 22:50:25 15872 --a------ C:\WINDOWS\system32\more.com
2007-02-01 22:50:24 19456 --a------ C:\WINDOWS\system32\mode.com
2007-02-01 22:50:22 673088 --a------ C:\WINDOWS\system32\mlang.dat
2007-02-01 22:50:17 39274 --a------ C:\WINDOWS\system32\mem.exe<Signed: n/a>
2007-02-01 22:50:15 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll<Signed: n/a>
2007-02-01 22:50:12 220672 --a------ C:\WINDOWS\system32\logon.scr
2007-02-01 22:50:12 487 --a------ C:\WINDOWS\system32\login.cmd
2007-02-01 22:50:11 1131 --a------ C:\WINDOWS\system32\loadfix.com
2007-02-01 22:50:08 42537 --a------ C:\WINDOWS\system32\keyboard.sys<Signed: n/a>
2007-02-01 22:50:08 42809 --a------ C:\WINDOWS\system32\key01.sys<Signed: n/a>
2007-02-01 22:50:07 14710 --a------ C:\WINDOWS\system32\kb16.com
2007-02-01 22:50:06 65536 --a------ C:\WINDOWS\system32\jgsh400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 45568 --a------ C:\WINDOWS\system32\jgsd400.dll<Signed: America Online>
2007-02-01 22:50:06 35840 --a------ C:\WINDOWS\system32\jgmd400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 44544 --a------ C:\WINDOWS\system32\jgaw400.dll<Signed: Johnson-Grace Company>
2007-02-01 22:50:06 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 183808 --a------ C:\WINDOWS\system32\ir50_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 200192 --a------ C:\WINDOWS\system32\ir50_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 755200 --a------ C:\WINDOWS\system32\ir50_32.dll<Signed: Intel Corporation>
2007-02-01 22:50:05 338432 --a------ C:\WINDOWS\system32\ir41_qcx.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 120320 --a------ C:\WINDOWS\system32\ir41_qc.dll<Signed: Intel Corporation.>
2007-02-01 22:50:05 199168 --a------ C:\WINDOWS\system32\ir32_32.dll<Signed: n/a>
2007-02-01 22:49:54 80384 --a------ C:\WINDOWS\system32\iccvid.dll<Signed: Radius Inc.>
2007-02-01 22:49:54 347136 --a------ C:\WINDOWS\system32\hypertrm.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:53 44544 --a------ C:\WINDOWS\system32\hticons.dll<Signed: Hilgraeve, Inc.>
2007-02-01 22:49:49 4768 --a------ C:\WINDOWS\system32\himem.sys<Signed: n/a>
2007-02-01 22:49:46 19694 --a------ C:\WINDOWS\system32\graphics.com
2007-02-01 22:49:46 26112 --a------ C:\WINDOWS\system32\graftabl.com
2007-02-01 22:49:15 25600 --a------ C:\WINDOWS\system32\format.com
2007-02-01 22:49:14 882 --a------ C:\WINDOWS\system32\fastopen.exe<Signed: n/a>
2007-02-01 22:49:11 8424 --a------ C:\WINDOWS\system32\exe2bin.exe<Signed: n/a>
2007-02-01 22:49:10 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-01 22:49:09 456192 --a------ C:\WINDOWS\system32\encdec.dll<Signed: n/a>
2007-02-01 22:49:09 12642 --a------ C:\WINDOWS\system32\edlin.exe<Signed: n/a>
2007-02-01 22:49:09 69886 --a------ C:\WINDOWS\system32\edit.com
2007-02-01 22:49:08 498742 --a------ C:\WINDOWS\system32\dxmasf.dll<Signed: n/a>
2007-02-01 22:49:06 218003 --a------ C:\WINDOWS\system32\dssec.dat
2007-02-01 22:48:08 53840 --a------ C:\WINDOWS\system32\dosx.exe<Signed: n/a>
2007-02-01 22:48:08 23552 --a------ C:\WINDOWS\system32\dmserver.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 5888 --a------ C:\WINDOWS\system32\drivers\dmload.sys<Signed: Microsoft Corp., Veritas Software.>
2007-02-01 22:48:07 153344 --a------ C:\WINDOWS\system32\drivers\dmio.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 799744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 15872 --a------ C:\WINDOWS\system32\dmremote.exe<Signed: Microsoft Corp.>
2007-02-01 22:48:07 18432 --a------ C:\WINDOWS\system32\dmintf.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 118784 --a------ C:\WINDOWS\system32\dmdskres.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 200704 --a------ C:\WINDOWS\system32\dmdskmgr.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 273920 --a------ C:\WINDOWS\system32\dmdlgs.dll<Signed: Microsoft Corp.>
2007-02-01 22:48:07 330752 --a------ C:\WINDOWS\system32\dmconfig.dll<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:07 224768 --a------ C:\WINDOWS\system32\dmadmin.exe<Signed: Microsoft Corp., Veritas Software>
2007-02-01 22:48:03 7168 --a------ C:\WINDOWS\system32\diskcopy.com
2007-02-01 22:48:03 9216 --a------ C:\WINDOWS\system32\diskcomp.com
2007-02-01 22:48:01 85020 --a------ C:\WINDOWS\system32\dgsetup.dll<Signed: Digi International>
2007-02-01 22:48:01 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-01 22:48:01 111104 --a------ C:\WINDOWS\system32\dgnet.dll<Signed: Microsoft>
2007-02-01 22:48:01 123904 --a------ C:\WINDOWS\system32\dfrgui.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 38912 --a------ C:\WINDOWS\system32\dfrgsnap.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 51200 --a------ C:\WINDOWS\system32\dfrgres.dll<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:01 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 59904 --a------ C:\WINDOWS\system32\devenum.dll<Signed: n/a>
2007-02-01 22:48:00 25088 --a------ C:\WINDOWS\system32\defrag.exe<Signed: Microsoft Corp. and Executive Software International, Inc.>
2007-02-01 22:48:00 20634 --a------ C:\WINDOWS\system32\debug.exe<Signed: n/a>
2007-02-01 22:47:52 27097 --a------ C:\WINDOWS\system32\country.sys<Signed: n/a>
2007-02-01 22:47:49 252928 --a------ C:\WINDOWS\system32\compatUI.dll<Signed: n/a>
2007-02-01 22:47:49 50620 --a------ C:\WINDOWS\system32\command.com
2007-02-01 22:47:45 7680 --a------ C:\WINDOWS\system32\chcp.com
2007-02-01 22:47:36 30208 --a------ C:\WINDOWS\system32\atmlib.dll<Signed: Adobe Systems>
2007-02-01 22:47:36 285696 --a------ C:\WINDOWS\system32\atmfd.dll<Signed: Adobe Systems Incorporated>
2007-02-01 22:47:36 32256 --a------ C:\WINDOWS\system32\asr_ldm.exe<Signed: Microsoft Corp.>
2007-02-01 22:47:19 12498 --a------ C:\WINDOWS\system32\append.exe<Signed: n/a>
2007-02-01 22:47:19 9029 --a------ C:\WINDOWS\system32\ansi.sys<Signed: n/a>
2007-02-01 22:47:19 70656 --a------ C:\WINDOWS\system32\amstream.dll<Signed: n/a>
2007-01-31 22:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.>
2007-01-31 22:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.>
2007-01-31 15:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: DivX Inc.>
2007-01-30 17:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.>
2007-01-29 23:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a>
2007-01-29 23:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 23:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/>
2007-01-29 22:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.>
2007-01-29 22:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks>
2007-01-29 22:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks>


-- Find3M Report ----------------------------------------------------------------

2007-02-13 15:57:32 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft<MICROS~1>
2007-02-05 18:31:29 146946 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~2.LOG>
2007-02-05 18:30:40 2204 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-05 18:28:34 375 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log<HELPFI~1.LOG>
2007-02-05 18:28:32 0 --a------ C:\Documents and Settings\HP_Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log<HELPFI~2.LOG>
2007-02-05 18:28:24 3031 --a------ C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log<PATCHU~1.LOG>
2007-02-05 18:27:31 40487 --a------ C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-05 18:27:23 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll<Unsigned: Hewlett Packard>
2007-02-02 17:44:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia<MACROM~1>
2007-02-02 17:42:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2007-02-02 11:13:03 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~4>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows Plus<WINDOW~3>
2007-02-02 11:12:55 0 d-------- C:\Program Files\Windows NT<WINDOW~2>
2007-02-02 11:04:14 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-02 11:03:28 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-02 11:03:27 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-02 11:01:55 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-02 11:01:54 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-02 10:57:09 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-02 10:56:54 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-02 10:56:41 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-02 10:53:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Identities<IDENTI~1>
2007-01-29 23:03:34 36624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys<Unsigned: Sonic Solutions>
2006-12-12 10:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Plus\\Ad-Watch.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


-- End of ComboScan: finished at 2007-02-19 at 20:34:22 -------------------------

ComboScan v20070212.14 run by HP_Administrator on 2007-02-19 at 20:20:56
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3700+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 958.48 MiB / 481.23 MiB
Pagefile Memory (total/avail): 2311.25 MiB / 1877.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1990.67 MiB

C: is Fixed (NTFS) - 174.54 GiB total, 117.44 GiB free.
D: is Fixed (FAT32) - 11.74 GiB total, 4.82 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

FW: BitDefender Antivirus Plus v10 v7.2 (Softwin)
AV: BitDefender Antivirus Plus v10 v7.2 (Softwin)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
5 Card Slingo from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AstroPop Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Barnyard Invasion from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
BitDefender Antivirus Plus v10 --> MsiExec.exe /I{65B5C023-F572-4078-865F-ECB93EFE37BD}
Blackhawk Striker 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Crystal Maze from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Family Feud --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\Uninstall.exe"
FATE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Greetings Workshop --> C:\Program Files\Greetings Workshop\SETUP\setup.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~nemaphw.tmp\HijackThis.exe /uninstall
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Insaniquarium Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Lemonade Tycoon 2 from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\Uninstall.exe"
Lexibox Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Mah Jong Quest from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
OpenSource Flash Video Splitter (remove only) --> "C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Polar Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Snowboard SuperJam from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Super Granny from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
Tradewinds from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Zuma Deluxe from HP Media Center (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"


-- End of ComboScan: finished at 2007-02-19 at 20:34:22 -------------------------
Sledesma1 is offline  
Old 02-20-2007, 08:04 PM   #7 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate


Let's see if we can rule out hidden malware as the cause of your issues, as I'm not seeing anything in these logs to account for them.

---------------------------------------------------------------------------------------------

Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop and double-click gmer.exe

Run the program, select the Rootkit tab, and make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Copy the log using the Copy button, open Notepad and paste the log into a new text file (using Ctrl + V), save it somewhere you can find it, and post the log in this thread.

---------------------------------------------------------------------------------------------

Update Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
__________________


Proud Member of ASAP
Proud Member of UNITE

forhockey is offline  
Old 02-20-2007, 08:46 PM   #8 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-20 21:37:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwClose
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwUnloadKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F6A5462C 5 Bytes JMP 85F2C960

---- User code sections - GMER 1.0.12 ----

.text C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\system32\alg.exe[2704] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2976] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\ehome\ehmsas.exe[3028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system\hpsysdrv.exe[3216] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe[3324] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text ...

---- Devices - GMER 1.0.12 ----


---- EOF - GMER 1.0.12 ----
Sledesma1 is offline  
Old 02-21-2007, 05:15 AM   #9 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate


Quote:
Hello, I have been getting connection problems on my PC game, not sure if it's the game or my computer (getting weird since Bitdefender was installed)
There don't seem to be any signs of malware present on your system in any of the logs you've returned to me. I suggest you take your issue up in the Online Gaming section, and be sure to include the link to this thread to let them know you've been cleared for malware. Also, please tell them what you stated above in the quote box about Bitdefender.

There are just a few more things I would like you to do.

Reset System Restore

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close

Clear IE7 cookies
  • On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  • Double-click Internet Options to open Internet Properties.
  • Click Delete Files button.
  • Click Delete button across from Temporary Internet Files.
  • Click Yes.
  • Click Close.
  • Click Ok.

Re-Enable Ad-Aware's AdWatch
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Check both options.


Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on its homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

Please take a look at these well written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 02-21-2007, 01:02 PM   #10 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 47
OS: WinXP Sp3


Thank you, my computer is running faster now.
Sledesma1 is offline  
All times are GMT -7. The time now is 05:29 PM.



Copyright 2001 - 2009, Tech Support Forum