
Hidden Rootkit problem...How to delete files?

Discussion in 'Malware and Virus Removal Archive' started by Whoababy, 2007/12/28.

  1. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    Hi There,
    I seem to have a problem with a hidden rootkit. Now, I'm by no means an expert on computers; I'd say I'm intermediate. I've tried to delete the files that are the problem, but it will not let me (they are music files).

    BitDefender does not give me the name, just "hidden rootkit" and the names of the files. I've done all the online scans etc., but none of them will "fix" the files, and it won't let you delete them. From what I've read on rootkits, they attach to the system files, so that's why they won't let me delete them. I've also downloaded and run the F-Secure BlackLight Rootkit Elimination tool, and it didn't detect anything.

    This rootkit has caused numerous stop error messages, the lovely Blue Screen of Death and has slowed my computer down.

    I've never posted to one of these sites, so please forgive me if I'm doing something wrong. I've read in previous posts about giving the hijackthis log, so I'll paste that as well below.

    Any and all help in getting this problem fixed would be greatly appreciated!

    Logfile of HijackThis v1.99.1
    Scan saved at 7:43:36 AM, on 12/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\OBD2 TekLink\2100D.exe
    C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mom\Desktop\hijackthis_sfx.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do?sls=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe "
    O4 - HKLM\..\Run: [PhilipsRemote] "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe "
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Thanks in advance for any help you can provide me!

    Sincerely,
    Whoababy
     
  2. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    DSS log... the Main.txt one

    MAIN TEXT

    Deckard's System Scanner v20071014.68
    Run by Mom on 2007-12-28 08:17:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    110: 2007-12-28 13:17:42 UTC - RP741 - Deckard's System Scanner Restore Point
    109: 2007-12-28 05:05:30 UTC - RP740 - RegCure Backup
    108: 2007-12-27 05:05:04 UTC - RP739 - RegCure Backup
    107: 2007-12-26 05:05:02 UTC - RP738 - RegCure Backup
    106: 2007-12-25 05:05:24 UTC - RP737 - RegCure Backup


    -- First Restore Point --
    1: 2007-09-30 04:10:47 UTC - RP631 - RegCure Backup


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Mom.exe) -------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 8:20:53 AM, on 12/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Norton Password Manager\AcctMgr.exe
    C:\Program Files\OBD2 TekLink\2100D.exe
    C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Mom\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Mom.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do?sls=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe "
    O4 - HKLM\..\Run: [PhilipsRemote] "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe "
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>

    S3 AdfuUd (USB 2.0 (FS) ADFU Device) - c:\windows\system32\drivers\adfuud.sys (file missing)
    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 fsbl-standalone (F-Secure BlackLight Beta Engine Driver) - c:\docume~1\mom\locals~1\temp\f-secure\blacklight\fsbldrv.sys (file missing)
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82915G/GV/910GL Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Manufacturer: Intel Corporation
    Name: Intel(R) 82915G/GV/910GL Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Service: ialm


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-28 06:59:15 434 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
    2007-12-28 06:53:55 368 --a------ C:\WINDOWS\Tasks\RegCure.job
    2007-12-28 01:00:00 248 --a------ C:\WINDOWS\Tasks\dfrg.job
    2007-12-27 23:00:00 256 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
    2007-12-14 22:40:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-11-28 and 2007-12-28 -----------------------------

    2007-12-22 16:10:43 1158 --a------ C:\WINDOWS\mozver.dat
    2007-12-22 13:47:12 0 d-------- C:\Documents and Settings\Mom\Application Data\Mozilla
    2007-12-22 07:01:56 0 d--hs---- C:\found.001
    2007-12-17 12:35:50 0 d-------- C:\Documents and Settings\Mom\Application Data\Bitdefender
    2007-12-17 12:35:31 0 d-------- C:\Program Files\BitDefender
    2007-12-17 12:35:31 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-17 12:31:06 0 d-------- C:\Program Files\Common Files\BitDefender


    -- Find3M Report ---------------------------------------------------------------

    2007-12-22 16:11:29 0 d-------- C:\Documents and Settings\Mom\Application Data\Adobe
    2007-12-21 20:30:16 0 d-------- C:\Program Files\LimeWire
    2007-12-17 17:16:47 0 d-------- C:\Program Files\Motorola Phone Tools
    2007-12-17 17:16:33 0 d-------- C:\Program Files\RegCure
    2007-12-17 17:16:27 0 d-------- C:\Program Files\bfgclient
    2007-12-17 17:16:27 0 d-------- C:\Program Files\Avanquest update
    2007-12-17 12:46:46 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
    2007-12-17 12:41:19 0 d-------- C:\Program Files\Common Files
    2007-11-22 17:07:08 0 d-------- C:\Documents and Settings\Mom\Application Data\FMA
    2007-11-22 09:08:19 0 d-------- C:\Program Files\iTunes
    2007-11-22 09:08:08 0 d-------- C:\Program Files\iPod
    2007-11-22 09:06:51 0 d-------- C:\Program Files\QuickTime
    2007-11-20 16:51:59 0 d-------- C:\Program Files\PayPal
    2007-11-20 07:32:17 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-20 07:29:25 0 d-------- C:\Program Files\MSN Games
    2007-11-19 19:50:45 0 d-------- C:\Program Files\Microsoft Expedia Streets & Trips
    2007-11-17 11:09:26 0 d-------- C:\Program Files\Susteen
    2007-11-13 12:26:24 0 d-------- C:\Program Files\Common Files\DirectX
    2007-11-13 12:23:42 0 d-------- C:\Program Files\Codemasters
    2007-11-09 14:10:59 0 d-------- C:\Program Files\IZArc
    2007-11-09 09:32:32 0 d-------- C:\Program Files\MRConverter
    2007-11-09 09:32:20 0 d-------- C:\Program Files\DjToneXpress
    2007-11-06 11:18:57 0 d-------- C:\Program Files\AOL Games
    2007-10-29 10:26:03 0 d-------- C:\Program Files\Apple Software Update
    2007-10-24 09:23:57 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-10-24 07:32:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 03:01 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [03/03/2006 09:08 AM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
    "AcctMgr "= "C:\Program Files\Norton Password Manager\AcctMgr.exe" [08/18/2004 02:41 PM]
    "OBD2_TekLink_Start "= "C:\Program Files\OBD2 TekLink\2100D.exe" [04/18/2005 09:28 AM]
    "Motive SmartBridge "= "C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe" [04/21/2006 03:41 PM]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [09/18/2006 12:46 PM]
    "mm_server "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [09/18/2006 12:46 PM]
    "PhilipsRemote "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe" [09/18/2006 12:46 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 02:49 PM]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 02:46 PM]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 02:50 PM]
    "Logitech Utility "= "Logi_MwX.Exe" [12/17/2003 08:50 AM C:\WINDOWS\LOGI_MWX.EXE]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [09/25/2006 08:12 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "BitDefender Antiphishing Helper "= "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
    "BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [12/17/2007 12:54 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@ "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
    "Aim6 "=" " []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/3/2006 9:04:59 AM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [9/4/1999 5:23:00 PM]
    Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [3/10/2006 9:42:34 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme
    "HideShutdownScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispCPL "=0 (0x0)
    "NoDispAppearancePage "=0 (0x0)
    "DisableTaskMgr "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu "=1 (0x1)
    "NoRecentDocsMenu "=1 (0x1)
    "MaxRecentDocs "=99 (0x63)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]
    AutoRun\command- EXPLORER.EXE
    explore\Command- EXPLORER.EXE
    open\Command- EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8081f88d-b558-11db-a7c3-001320df01ac}]
    AutoRun\command- EXPLORER.EXE
    explore\Command- EXPLORER.EXE
    open\Command- EXPLORER.EXE




    -- End of Deckard's System Scanner: finished at 2007-12-28 08:22:07 ------------

  4. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Dss log.....extra.txt one

    EXTRA TEXT
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 502.07 MiB / 152.43 MiB
    Pagefile Memory (total/avail): 1995.23 MiB / 1494.67 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1941.85 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 144.34 GiB total, 90 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST3160828AS - 149.01 GiB - 3 partitions
    \PARTITION0 - Unknown - 31.35 MiB
    \PARTITION1 (bootable) - Installable File System - 144.34 GiB - C:
    \PARTITION2 - Unknown - 4.64 GiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Bitdefender Firewall v8.0 (BitDefender)
    AV: Bitdefender Antivirus v8.0 (BitDefender)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1161128919\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1161128919\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1161128919\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1161128919\\ee\\aim6.exe:*:Enabled:AIM"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
    "C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_server.exe"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_server.exe:*:Enabled:mm_server.exe"
    "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
    "C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"="C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\Microsoft Expedia Streets & Trips\\system\\AUTMAP71.EXE"="C:\\Program Files\\Microsoft Expedia Streets & Trips\\system\\AUTMAP71.EXE:*:Enabled:Microsoft Streets Application Executable"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Mom\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA6
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Mom
    LOGONSERVER=\\MOM
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\AOL\1161128919\ee;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0409
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Mom\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Mom\LOCALS~1\Temp
    USERDOMAIN=MOM
    USERNAME=Mom
    USERPROFILE=C:\Documents and Settings\Mom
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Mom (admin)
    Administrator (admin)
    Guest (guest)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\HUGHES~1\Uninstall.exe hughes
    --> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    924PLC32 --> MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    AIM Gadgets 2.8 --> C:\PROGRA~1\AIMGAD~1\UNWISE.EXE C:\PROGRA~1\AIMGAD~1\INSTALL.LOG
    AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
    Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{41FB67AA-7DE5-4608-84DE-EBFFF4931B70}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI MCE Control Panel --> MsiExec.exe /X{F6E97C07-B897-4C8C-AA9B-C8E0A85BC858}
    ATI MCE Transcode --> MsiExec.exe /I{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}
    ATI Parental Control & Encoder --> MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
    Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
    BitDefender Internet Security 2008 --> MsiExec.exe /I{C7D014BC-4331-4649-866A-A884AA63590D}
    Burger Rush (remove only) --> "C:\Program Files\Games\Burger Rush\Uninstall.exe"
    Burger Shop (remove only) --> "C:\Program Files\Burger Shop\Uninstall.exe"
    Cake Mania --> "C:\Program Files\MSN Games\Cake Mania\Uninstall.exe" "C:\Program Files\MSN Games\Cake Mania\install.log"
    CAM UnZip 4.42 --> "C:\Program Files\CAM Development\CAM UnZip\Uninstall\unins000.exe"
    Chuzzle Deluxe (remove only) --> "C:\Program Files\Yahoo! Games\Chuzzle Deluxe\Uninstall.exe"
    CoffeeCup HTML Editor 2005 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
    Conexant D850 56K V.92 DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
    Delicious Deluxe (remove only) --> "C:\Program Files\Games\Delicious Deluxe\Uninstall.exe"
    Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
    DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
    Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Diner Dash - Flo on the Go (remove only) --> "C:\Program Files\Yahoo! Games\Diner Dash - Flo on the Go\Uninstall.exe"
    Diner Dash (remove only) --> "C:\Program Files\Yahoo! Games\Diner Dash\Uninstall.exe"
    Disc2Phone --> MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
    EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
    ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
    G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
    GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
    Gold Miner Special Edition (remove only) --> "C:\Program Files\AOL Games\Gold Miner Special Edition\Uninstall.exe"
    Google --> MsiExec.exe /I{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
    High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
    Hospital Tycoon --> C:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
    HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HughesNet Tools --> C:\WINDOWS\Motive\hughes\MCCUninst.exe
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
    iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
    iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
    IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    Lemonade Tycoon 2 --> C:\WINDOWS\unvise32.exe C:\Program Files\MumboJumbo\Lemonade Tycoon 2\uninstal.log
    LimeWire PRO 4.14.1 --> "C:\Program Files\LimeWire\uninstall.exe"
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
    MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Encarta Encyclopedia 2000 --> "C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall
    Microsoft Expedia Streets & Trips 2000 --> C:\Program Files\Common Files\Microsoft Shared\Geography\Setup\acmsetup.exe /T SUT70409.stf
    Microsoft Home Publishing 2000 --> MsiExec.exe /I{9944aa9e-362d-11d3-81ab-00c04fb932ba}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Money 2000 Standard Edition --> C:\Program Files\Microsoft Money\setup\setup.exe
    Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
    Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
    Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
    Mirror Magic Deluxe (remove only) --> "C:\Program Files\Yahoo! Games\Mirror Magic Deluxe\Uninstall.exe"
    Mobile Ringtone Converter 2.3.45 --> "C:\Program Files\MRConverter\unins000.exe"
    Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
    Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Norton Password Manager --> MsiExec.exe /I{8315D4B0-9BF2-4D63-8654-74B89D288D6E}
    Norton Password Manager (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{8315D4B0-9BF2-4D63-8654-74B89D288D6E}.exe /X
    NPM_DRM_COLLECTION --> MsiExec.exe /I{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}
    OBD2 TekLink --> MsiExec.exe /X{758DF4BF-9805-4892-87F8-A9203F907F76}
    Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
    Paint Shop Pro 7 Anniversary Edition --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
    PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
    RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
    School Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F34CA-580F-4615-80FE-BDFBD56B748F}\setup.exe" -l0x9 -removeonly
    SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Sony Ericsson PC Suite 1.10.21 --> MsiExec.exe /I{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}
    Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Super Granny --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\07BD8727-1405-4A01-B3B8-819993A60036\Uninstall.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
    USB Converter Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8A08C9CB-4C84-4FA5-9A4B-6994A93481F6}
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
    WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    Word in Works Suite add-in --> MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
    WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type80054 / Warning
    Event Submitted/Written: 12/28/2007 06:58:43 AM
    Event ID/Source: 1000 / .NET Runtime
    Event Description:
    .NET Runtime version 1.1.4322.2407 - Error "Invalid syntax on line 231 - Expected > character.." occurred while parsing the Machine policy level. The default policy level was used instead.

    Event Record #/Type80048 / Error
    Event Submitted/Written: 12/28/2007 06:53:53 AM
    Event ID/Source: 1001 / Application Error
    Event Description:
    Fault bucket 03064501.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Event Record #/Type80047 / Error
    Event Submitted/Written: 12/28/2007 06:53:30 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module MSCTF.dll, version 5.1.2600.2180, fault address 0x0001f6a0.
    Processing media-specific event for [ctfmon.exe!ws!]

    Event Record #/Type80018 / Warning
    Event Submitted/Written: 12/27/2007 06:56:11 AM
    Event ID/Source: 1000 / .NET Runtime
    Event Description:
    .NET Runtime version 1.1.4322.2407 - Error "Invalid syntax on line 231 - Expected > character.." occurred while parsing the Machine policy level. The default policy level was used instead.

    Event Record #/Type79953 / Error
    Event Submitted/Written: 12/23/2007 01:47:17 PM
    Event ID/Source: 1001 / Application Error
    Event Description:
    Fault bucket 591171285.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type1645 / Warning
    Event Submitted/Written: 12/28/2007 06:58:37 AM
    Event ID/Source: 2511 / Server
    Event Description:
    The server service was unable to recreate the share Logan's Music because the directory C:\Documents and Settings\Logan\My Documents\My Music no longer exists. Please run "net share Logan's Music /delete" to delete the share, or recreate the directory C:\Documents and Settings\Logan\My Documents\My Music.

    Event Record #/Type1631 / Warning
    Event Submitted/Written: 12/27/2007 08:35:53 PM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type1627 / Warning
    Event Submitted/Written: 12/27/2007 06:07:42 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type1581 / Warning
    Event Submitted/Written: 12/27/2007 06:56:17 AM
    Event ID/Source: 2511 / Server
    Event Description:
    The server service was unable to recreate the share Logan's Music because the directory C:\Documents and Settings\Logan\My Documents\My Music no longer exists. Please run "net share Logan's Music /delete" to delete the share, or recreate the directory C:\Documents and Settings\Logan\My Documents\My Music.

    Event Record #/Type1557 / Warning
    Event Submitted/Written: 12/26/2007 03:08:05 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.



    -- End of Deckard's System Scanner: finished at 2007-12-28 08:22:07 ------------
     
    Last edited by a moderator: 2007/12/28
  5. 2007/12/28
    noahdfear

    noahdfear Inactive

    Welcome to WindowsBBS Whoababy :)

    Please give us the filenames and location of the files detected by BitDefender. Do any of the other scanners detect them? What methods have you tried to delete the files?

    You also need to upgrade your version of HijackThis. Delete the copy you currently have. Please download the HijackThis Installer from here, then run a scan and save the log. Close the log for now .... we won't need it.
     
  6. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Hidden Rootkit problem....How to delete files?

    Hi noahdfear,
    Thanks so much for your reply. I did update the Hijackthis. Thanks!

    There are 3 files that Bitdefender is detecting. They are located in C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits-Little Did He Know..

    1.) C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good.mp3 Rootkit-Hidden Items

    2.) C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good(1).mp3 Rootkit-Hidden Items

    3.) C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Funk #49.mp3 Rootkit-Hidden Items


    It will not let me open or explore that folder, nor delete it. I've tried deleting it in safe mode and by just clicking delete, it won't let me. It says "Cannot delete file: Cannot read from the source file or disk".

    I just ran another online scan (Kaspersky) and it didn't detect anything.

    I'm at a loss of what to do. Any help would be greatly appreciated!

    Sincerely,
    Whoababy
     
  7. 2007/12/28
    noahdfear

    noahdfear Inactive

    Lets see if we can get a directory contents output that shows the exact path and filenames. This will assist me in helping you.

    Highlight and copy the following bolded command, including the quotes.

    dir "C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh" /a /s > "%userprofile%\desktop\walshdir.txt"

    Click Start then Run and type cmd then hit enter to open a command window. Right click in the window and select paste, then hit enter. When the blinking cursor advances to the next line with a command prompt close the command window. Open the newly created walshdir.txt file on the desktop and see if the files in question are listed. If so, post the contents of that file here and point out which files they are.
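    The folder this command is meant to enumerate has a name that, as the listing posted in the next reply shows, ends in two periods. The Win32 file API strips trailing periods and spaces from the last component of a path before it looks the name up (documented normalization behaviour; this is my observation, not a diagnosis the thread reached), so `dir`, `attrib` and Explorer all ask for "...Know" and get "File Not Found" while the directory entry itself still shows up in the parent's listing. The script below is an added example, not code from this thread: it parses flattened `dir /a /s` output, flags names that Win32 cannot open as written (trailing period/space, reserved device names, characters Win32 rejects), and builds the `\\?\` form of the path, which makes Win32 hand the path to NTFS without normalizing it. The sample listing is the parent-folder part of the output posted later in the thread, with the column whitespace collapsed the way the forum paste did.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the parent-folder part of the dir /a /s output posted in
# the next reply, with the column whitespace collapsed the way the forum did.
SAMPLE_LISTING = r"""
Directory of C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh

12/23/2007 07:19 AM <DIR> .
12/23/2007 07:19 AM <DIR> ..
06/04/2007 08:11 AM 2,762 AlbumArtSmall.jpg
06/04/2007 08:13 AM 412 desktop.ini
12/26/2007 08:11 AM <DIR> Joe Walsh's Greatest Hits- Little Did He Know..
12/28/2007 09:50 AM <DIR> The Best of Joe Walsh
12/23/2007 07:25 AM 7,680 Thumbs.db
8 File(s) 54,761 bytes
"""

# One dir entry line: date, time (12- or 24-hour), <DIR> or byte count, name.
ENTRY_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}(?:\s*[AP]M)?)\s+(<DIR>|[\d,]+)\s+(.+)$"
)

# Device names Win32 reserves in every directory, whatever the extension.
RESERVED_NAMES = {"CON", "PRN", "AUX", "NUL"} | {f"COM{n}" for n in range(1, 10)} | {f"LPT{n}" for n in range(1, 10)}
INVALID_CHARS = set('<>:"/\\|?*')

TRAILING = "ends in a period or space, which Win32 strips before lookup"
RESERVED = "reserved device name"
INVALID = "contains characters Win32 rejects in names"


def win32_name_problems(name: str) -> list:
    """Reasons the Win32 API cannot open this name as written (NTFS may still hold it)."""
    problems = []
    if name != name.rstrip(" ."):
        problems.append(TRAILING)
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED_NAMES:
        problems.append(RESERVED)
    if INVALID_CHARS & set(name):
        problems.append(INVALID)
    return problems


@dataclass
class Entry:
    directory: str
    name: str
    is_dir: bool
    problems: list = field(default_factory=list)


def parse_dir_listing(text: str) -> list:
    """Turn flattened 'dir' output into Entry objects, keeping trailing spaces in names."""
    entries, current = [], ""
    for line in text.splitlines():
        line = line.lstrip()  # never rstrip: a trailing space may be part of the name
        if line.startswith("Directory of "):
            current = line[len("Directory of "):]
            continue
        m = ENTRY_RE.match(line)
        if not m or m.group(4) in (".", ".."):
            continue
        name = m.group(4)
        entries.append(Entry(current, name, m.group(3) == "<DIR>", win32_name_problems(name)))
    return entries


def suspect_entries(text: str) -> list:
    """Entries whose names standard tools cannot address by the name shown."""
    return [e for e in parse_dir_listing(text) if e.problems]


def extended_path(entry: Entry) -> str:
    # The \\?\ prefix tells Win32 to pass the path to NTFS without normalizing it.
    full = entry.directory.rstrip("\\") + "\\" + entry.name
    return full if full.startswith("\\\\?\\") else "\\\\?\\" + full


if __name__ == "__main__":
    for e in suspect_entries(SAMPLE_LISTING):
        print(f"{'DIR ' if e.is_dir else 'FILE'} {e.name!r}: {'; '.join(e.problems)}")
        print(f"      address it as: {extended_path(e)}")
```

    Run on the sample, the only flagged entry is the "Little Did He Know.." folder, and the script prints the `\\?\C:\...` form of its path. Tools that accept extended-length paths can reach the folder in that form, which is the thing to try before concluding that a driver is hiding it.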
     
  8. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    File not found.

    Hi there,
    I did as instructed and it came back "File Not Found". Yet this is what is listed in that txt file.

    Volume in drive C has no label.
    Volume Serial Number is BC69-C97F

    Directory of C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh

    12/23/2007 07:19 AM <DIR> .
    12/23/2007 07:19 AM <DIR> ..
    06/04/2007 08:11 AM 2,762 AlbumArtSmall.jpg
    06/04/2007 08:13 AM 13,174 AlbumArt_{C4F672DA-612F-4954-9DF5-054F15148214}_Large.jpg
    06/04/2007 08:11 AM 2,762 AlbumArt_{C4F672DA-612F-4954-9DF5-054F15148214}_Small.jpg
    06/02/2007 07:59 PM 12,116 AlbumArt_{ECB4319D-857C-4064-A2F9-673AB1DECE46}_Large.jpg
    06/02/2007 07:59 PM 2,681 AlbumArt_{ECB4319D-857C-4064-A2F9-673AB1DECE46}_Small.jpg
    06/04/2007 08:13 AM 412 desktop.ini
    06/04/2007 08:13 AM 13,174 Folder.jpg
    12/26/2007 08:11 AM <DIR> Joe Walsh's Greatest Hits- Little Did He Know..
    12/28/2007 09:50 AM <DIR> The Best of Joe Walsh
    12/23/2007 07:25 AM 7,680 Thumbs.db
    8 File(s) 54,761 bytes

    Directory of C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\The Best of Joe Walsh

    12/28/2007 09:50 AM <DIR> .
    12/28/2007 09:50 AM <DIR> ..
    12/22/2007 08:42 AM 9,432 AlbumArtYMJ_fb239f85_Small.jpg
    10/26/2007 01:42 PM 5,130,240 Rocky Mountain Way.mp3
    12/28/2007 09:50 AM 7,168 Thumbs.db
    3 File(s) 5,146,840 bytes


    The folder in question with the files that are being detected as hidden rootkit is
    12/26/2007 08:11 AM <DIR> Joe Walsh's Greatest Hits- Little Did He Know..


    I see that it is not showing the files though. The files that are being detected are in that folder, and their names are in the previous post (3 of them). That's odd. :confused:

    Thanks,
    Whoababy
     
  9. 2007/12/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please paste the following bolded command in a command window and hit enter, then run the dir command again to see if there's any change in the output.

    attrib -h -s "C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know.."
     
  10. 2007/12/28
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    It came back file not found. The txt file is still the same. :confused:

    Thanks,
    Whoababy
     
  11. 2007/12/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's see if ComboFix can handle them. Download ComboFix by sUBs from here, saving the file to your desktop.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good.mp3
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good(1).mp3
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Funk #49.mp3
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.



    Please verify the filenames/paths are 100% correct before saving the CFScript
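    The closing warning, that the paths in the CFScript must be exactly right, is worth checking mechanically before the file is dropped on ComboFix, because a stray space or a mistyped character silently turns a deletion into a no-op on a different name. The validator below is an added example (my code, not ComboFix's and not from this thread): it splits a script into its `Section::` blocks and reports the transcription slips a copy-and-paste tends to introduce: leading or trailing whitespace, relative paths, characters Windows does not allow in names, unknown registry hives, value lines outside a key, and a space inside a quoted value name. Only the `File::`, `Folder::` and `Registry::` sections seen in this thread are checked; any other section passes through unexamined. The sample script reuses paths and keys from this thread's scripts, with two slips introduced on purpose and marked in comments.

```python
import re

# Constructed sample: the File:: lines and registry keys from this thread's
# scripts, with two transcription slips added on purpose (see comments).
SAMPLE_SCRIPT = "\n".join([
    "File::",
    r"C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good.mp3",
    r"C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Funk #49.mp3 ",  # slip: trailing space
    "Registry::",
    r"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
    '"AppInit_DLLs "=""',  # slip: space inside the quoted value name
])

HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT", "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
PATH_SECTIONS = {"File", "Folder"}
BAD_PATH_CHARS = set('<>"|?*')
SECTION_RE = re.compile(r"([A-Za-z]+)::")
VALUE_RE = re.compile(r'"([^"]*)"=')


def parse_cfscript(text: str) -> dict:
    """Group non-blank lines under their 'Name::' header; lines before any header go to '(none)'."""
    sections, current = {}, "(none)"
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = SECTION_RE.fullmatch(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append((no, line))
    return sections


def check_path(line: str) -> list:
    """Problems with one File:: or Folder:: line."""
    problems = []
    if line != line.strip():
        problems.append("leading/trailing whitespace (becomes part of the name)")
    path = line.strip()
    if not re.match(r"[A-Za-z]:\\", path):
        problems.append("not an absolute drive path")
    if BAD_PATH_CHARS & set(path) or ":" in path[2:]:
        problems.append("contains characters Windows does not allow in names")
    return problems


def check_registry(lines: list) -> list:
    """Problems with the Registry:: block, which uses REGEDIT4-style [key] and "name"=data lines."""
    problems, in_key = [], False
    for no, line in lines:
        s = line.strip()
        if s.startswith("["):
            if not s.endswith("]"):
                problems.append((no, "key line missing closing bracket"))
                in_key = False
                continue
            key = s[1:-1].lstrip("-")  # a leading '-' marks a key for deletion
            if key.split("\\", 1)[0].upper() not in HIVES:
                problems.append((no, "unknown registry hive"))
            in_key = True
        elif s.startswith('"') or s.startswith("@"):
            if not in_key:
                problems.append((no, "value line outside any [key]"))
            m = VALUE_RE.match(s)
            if s.startswith('"') and not m:
                problems.append((no, 'value line is not "name"=data'))
            elif m and m.group(1) != m.group(1).strip():
                problems.append((no, "space inside the quoted value name"))
        else:
            problems.append((no, "unrecognized registry line"))
    return problems


def validate(text: str) -> list:
    """Return [(line_no, message)] for everything worth fixing before saving the script."""
    findings = []
    for section, lines in parse_cfscript(text).items():
        if section in PATH_SECTIONS:
            for no, line in lines:
                findings += [(no, f"{section}:: {p}") for p in check_path(line)]
        elif section == "Registry":
            findings += [(no, f"Registry:: {p}") for no, p in check_registry(lines)]
        elif section == "(none)":
            findings += [(no, "line before any Section:: header") for no, _ in lines]
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in validate(SAMPLE_SCRIPT):
        print(f"line {no}: {msg}")
```

    On the sample it reports exactly the two planted slips (line 3 and line 7) and nothing else. A clean script returns an empty list, which is the state to reach before saving it as CFScript.txt.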
     
  12. 2007/12/29
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    Something new at end of files

    Hi Dave,
    I found something new this morning when I got on my computer. I have my BitDefender set up to scan every night/early morning. This morning I get up and it has the screen telling me of the 3 problems, but this time it has a tiny bit more information. It lists those 3 mp3 files but at the end of each of them it has this

    song name.mp3.bd.ren.bd.ren.bd.ren.bd.ren

    That's the first time it showed all that bd.ren at the end.

    I looked at your previous post, and haven't done that yet, wasn't sure if I should go ahead and do that, or wait and see what you say about this new stuff?

    I'll wait and see what you think I should do next. Thanks again for all your help, I do GREATLY appreciate it!

    Thanks,
    Whoababy
     
  13. 2007/12/29
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    ComboFix log.txt

    I went ahead and did the combofix, this is the txt file, what it says.

    ComboFix 07-12-21.4 - Mom 2007-12-29 9:00:26.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT -5:00]
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Funk #49.mp3
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good(1).mp3
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..\Joe Walsh - Life's Been Good.mp3
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
    .

    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-28 09:37 . 2007-12-28 09:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-28 08:17 . 2007-12-28 08:17 <DIR> d-------- C:\Deckard
    2007-12-22 16:10 . 2007-12-22 16:10 1,158 --a------ C:\WINDOWS\mozver.dat
    2007-12-22 07:01 . 2007-12-22 07:01 <DIR> d--hs---- C:\found.001
    2007-12-17 12:36 . 2007-12-29 09:06 121 --a------ C:\WINDOWS\bdagent.INI
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\BitDefender
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Bitdefender
    2007-12-17 12:35 . 2007-12-17 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-17 12:31 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-12-25 02:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-22 01:30 --------- d-----w C:\Program Files\LimeWire
    2007-12-17 22:16 --------- d-----w C:\Program Files\RegCure
    2007-12-17 22:16 --------- d-----w C:\Program Files\Motorola Phone Tools
    2007-12-17 22:16 --------- d-----w C:\Program Files\bfgclient
    2007-12-17 22:16 --------- d-----w C:\Program Files\Avanquest update
    2007-12-17 17:54 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2007-12-17 17:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
    2007-12-17 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-12-17 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2007-11-22 22:07 --------- d-----w C:\Documents and Settings\Mom\Application Data\FMA
    2007-11-22 14:08 --------- d-----w C:\Program Files\iTunes
    2007-11-22 14:08 --------- d-----w C:\Program Files\iPod
    2007-11-22 14:06 --------- d-----w C:\Program Files\QuickTime
    2007-11-21 13:23 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-20 21:51 --------- d-----w C:\Program Files\PayPal
    2007-11-20 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-20 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2007-11-20 12:29 --------- d-----w C:\Program Files\MSN Games
    2007-11-20 00:50 --------- d-----w C:\Program Files\Microsoft Expedia Streets & Trips
    2007-11-17 16:09 --------- d-----w C:\Program Files\Susteen
    2007-11-13 17:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-13 17:26 --------- d-----w C:\Program Files\Common Files\DirectX
    2007-11-13 17:23 --------- d-----w C:\Program Files\Codemasters
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-09 22:34 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
    2007-11-09 19:10 --------- d-----w C:\Program Files\IZArc
    2007-11-09 14:32 --------- d-----w C:\Program Files\MRConverter
    2007-11-09 14:32 --------- d-----w C:\Program Files\DjToneXpress
    2007-11-06 16:18 --------- d-----w C:\Program Files\AOL Games
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
    2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-29 15:26 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-27 22:48 92,064 ----a-w C:\Documents and Settings\Mom\mqdmmdm.sys
    2007-10-27 22:48 9,232 ----a-w C:\Documents and Settings\Mom\mqdmmdfl.sys
    2007-10-27 22:48 79,328 ----a-w C:\Documents and Settings\Mom\mqdmserd.sys
    2007-10-27 22:48 66,656 ----a-w C:\Documents and Settings\Mom\mqdmbus.sys
    2007-10-27 22:48 6,208 ----a-w C:\Documents and Settings\Mom\mqdmcmnt.sys
    2007-10-27 22:48 5,936 ----a-w C:\Documents and Settings\Mom\mqdmwhnt.sys
    2007-10-27 22:48 4,048 ----a-w C:\Documents and Settings\Mom\mqdmcr.sys
    2007-10-27 22:48 25,600 ----a-w C:\Documents and Settings\Mom\usbsermptxp.sys
    2007-10-27 22:48 22,768 ----a-w C:\Documents and Settings\Mom\usbsermpt.sys
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 22:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-10-22 13:31 251 -c--a-w C:\Program Files\wt3d.ini
    2007-08-03 00:13 152 -csh--r C:\WINDOWS\system32\6FEB862DEE.sys
    2007-08-03 00:13 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {DC0F2F93-27FA-4F84-ACAA-9416F90B9511}
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}

    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "Aim6 "=" " []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-03 09:08]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
    "AcctMgr "= "C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 14:41]
    "OBD2_TekLink_Start "= "C:\Program Files\OBD2 TekLink\2100D.exe" [2005-04-18 09:28]
    "Motive SmartBridge "= "C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-09-18 12:46]
    "mm_server "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-09-18 12:46]
    "PhilipsRemote "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe" [2006-09-18 12:46]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
    "BitDefender Antiphishing Helper "= "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
    "BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-17 12:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-03 09:04:59]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 17:23:00]
    Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-03-10 09:42:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme
    "HideShutdownScripts "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu "= 1 (0x1)
    "NoRecentDocsMenu "= 1 (0x1)
    "MaxRecentDocs "= 99 (0x63)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 23:11 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-12-17 12:46]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-17 12:54]
    R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
    R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
    S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;C:\DOCUME~1\Mom\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
    S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]
    S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 15:04]
    S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 15:04]
    S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 15:04]
    S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 15:04]
    S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 15:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8081f88d-b558-11db-a7c3-001320df01ac}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    *Newly Created Service* - 162F73CE
    *Newly Created Service* - 5431D278
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-29 03:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-28 06:00:00 C:\WINDOWS\Tasks\dfrg.job "
    - C:\WINDOWS\system32\dfrg.msc
    "2007-12-29 04:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    "2007-12-28 22:00:13 C:\WINDOWS\Tasks\RegCure Program Check.job "
    - C:\Program Files\RegCure\RegCure.exe
    "2007-12-29 13:32:20 C:\WINDOWS\Tasks\RegCure.job "
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 09:06:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = ??????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath "=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Completion time: 2007-12-29 9:08:17
    C:\ComboFix2.txt ... 2007-12-29 08:56
    .
    2007-12-13 12:20:41 --- E O F ---
     
  14. 2007/12/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    All of the bd.ren.bd.ren is Bitdefender trying to rename those files in an attempt to remove them. Very common method yet not always successful. Have the files been removed? Can you access the folder and remove them?

    If they're still hanging in there, and/or you still cannot access the folder, my recommendation is to remove the entire folder. I've written a new CFScript to do just that, as well as address a couple of other issues.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Documents and Settings\Mom\My Documents\My Music\Joe Walsh\Joe Walsh's Greatest Hits- Little Did He Know..
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8081f88d-b558-11db-a7c3-001320df01ac}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Do you have and use any USB flashdrives?
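    The script above deletes two MountPoints2 keys and blanks AppInit_DLLs. Two general Windows facts explain why those items are in the script and why the question about USB flash drives follows (these are my notes, not a diagnosis the thread reached): Explorer keeps, under each volume's MountPoints2\{GUID} key, a cache of what it last parsed from that volume's autorun.inf, including the Shell\*\command verbs the ComboFix log printed; and any DLL named in AppInit_DLLs is loaded into every process that loads user32.dll, so on a clean Windows XP machine the value is normally empty. The triage helper below is an added example, not ComboFix's code or anything from this thread: it pulls both items out of ComboFix log text so they can be reviewed before a script is written. The sample log lines are copied from the log posted earlier in the thread.

```python
import re
from typing import Optional

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = "\n".join([
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]",
    r"\Shell\AutoRun\command - EXPLORER.EXE",
    r"\Shell\explore\Command - EXPLORER.EXE",
    r"\Shell\open\Command - EXPLORER.EXE",
    "",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8081f88d-b558-11db-a7c3-001320df01ac}]",
    r"\Shell\AutoRun\command - EXPLORER.EXE",
    r"\Shell\explore\Command - EXPLORER.EXE",
    r"\Shell\open\Command - EXPLORER.EXE",
    "",
    "scanning hidden autostart entries ...",
    "",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    "AppInit_DLLs = ??????????",
])

# A MountPoints2 per-volume key, capturing the volume GUID.
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# A cached shell verb under that key, as ComboFix prints it: \Shell\<verb>\command - <cmd>
SHELL_VERB = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
# The AppInit_DLLs line from the catchme section.
APPINIT = re.compile(r"^AppInit_DLLs\s*=\s*(.*)$", re.I)


def mountpoint_handlers(log: str) -> dict:
    """{volume GUID: {verb: command}} for MountPoints2 entries carrying cached Shell verbs."""
    handlers, current = {}, None
    for line in log.splitlines():
        s = line.strip()
        m = MOUNTPOINT_KEY.match(s)
        if m:
            current = m.group(1).lower()
            handlers.setdefault(current, {})
            continue
        if not s or s.startswith("["):  # a blank line or another key ends the block
            current = None
            continue
        v = SHELL_VERB.match(s)
        if v and current is not None:
            handlers[current][v.group(1).lower()] = v.group(2).strip()
    return {guid: verbs for guid, verbs in handlers.items() if verbs}


def appinit_dlls(log: str) -> Optional[str]:
    """The AppInit_DLLs value as catchme printed it, or None when the log has no such line."""
    for line in log.splitlines():
        m = APPINIT.match(line.strip())
        if m:
            return m.group(1).strip()
    return None


def triage(log: str) -> list:
    """Human-readable findings for the two registry areas the script above touches."""
    findings = []
    for guid, verbs in sorted(mountpoint_handlers(log).items()):
        detail = ", ".join(f"{verb}={cmd}" for verb, cmd in sorted(verbs.items()))
        findings.append(f"MountPoints2 {guid}: cached autorun.inf shell verbs ({detail})")
    value = appinit_dlls(log)
    if value:
        findings.append(f"AppInit_DLLs = {value!r}: non-empty, loaded into every process that loads user32.dll")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    On the sample it yields three findings: one per MountPoints2 volume, listing the cached verbs, and one for the non-empty AppInit_DLLs value. Running it over a full ComboFix log gives the reviewer the same two lists without scrolling past the hundreds of ordinary file entries.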
     
  15. 2007/12/29
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    Folder still there

    Hi There,
    Just did as you recommended, folder is still there, still cannot delete it. When you put your mouse over it, it says the folder is empty, yet Bitdefender still says there are files in there.

    There are 2 things that happen when I do the combofix thing.....
    1. when I start it, a swreg.cfexe application error message comes up saying, The instruction at "0x7c9111de" referenced memory at "0x00200065", The memory could not be "read". Click ok to terminate. Which I click "ok", for it to continue.
    2. In the middle of the combofix it goes to C:\ComboFix/DirRoot and says it cannot access as the file is being used by another process. But it does go on and do whatever it does.

    Nope I don't have any USB flashdrives, been wanting to get some, just haven't yet.

    I'll post the latest log.txt in the next post.

    Thanks,
    Whoababy
     
  16. 2007/12/29
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    Log txt

    ComboFix 07-12-21.4 - Mom 2007-12-29 10:25:49.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
    .

    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-28 09:37 . 2007-12-28 09:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-28 08:17 . 2007-12-28 08:17 <DIR> d-------- C:\Deckard
    2007-12-22 16:10 . 2007-12-22 16:10 1,158 --a------ C:\WINDOWS\mozver.dat
    2007-12-22 07:01 . 2007-12-22 07:01 <DIR> d--hs---- C:\found.001
    2007-12-17 12:36 . 2007-12-29 10:33 121 --a------ C:\WINDOWS\bdagent.INI
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\BitDefender
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Bitdefender
    2007-12-17 12:35 . 2007-12-17 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-17 12:31 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-12-25 02:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-22 01:30 --------- d-----w C:\Program Files\LimeWire
    2007-12-17 22:16 --------- d-----w C:\Program Files\RegCure
    2007-12-17 22:16 --------- d-----w C:\Program Files\Motorola Phone Tools
    2007-12-17 22:16 --------- d-----w C:\Program Files\bfgclient
    2007-12-17 22:16 --------- d-----w C:\Program Files\Avanquest update
    2007-12-17 17:54 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2007-12-17 17:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
    2007-12-17 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-12-17 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2007-11-22 22:07 --------- d-----w C:\Documents and Settings\Mom\Application Data\FMA
    2007-11-22 14:08 --------- d-----w C:\Program Files\iTunes
    2007-11-22 14:08 --------- d-----w C:\Program Files\iPod
    2007-11-22 14:06 --------- d-----w C:\Program Files\QuickTime
    2007-11-21 13:23 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-20 21:51 --------- d-----w C:\Program Files\PayPal
    2007-11-20 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-20 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2007-11-20 12:29 --------- d-----w C:\Program Files\MSN Games
    2007-11-20 00:50 --------- d-----w C:\Program Files\Microsoft Expedia Streets & Trips
    2007-11-17 16:09 --------- d-----w C:\Program Files\Susteen
    2007-11-13 17:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-13 17:26 --------- d-----w C:\Program Files\Common Files\DirectX
    2007-11-13 17:23 --------- d-----w C:\Program Files\Codemasters
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-09 22:34 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
    2007-11-09 19:10 --------- d-----w C:\Program Files\IZArc
    2007-11-09 14:32 --------- d-----w C:\Program Files\MRConverter
    2007-11-09 14:32 --------- d-----w C:\Program Files\DjToneXpress
    2007-11-06 16:18 --------- d-----w C:\Program Files\AOL Games
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
    2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-29 15:26 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-27 22:48 92,064 ----a-w C:\Documents and Settings\Mom\mqdmmdm.sys
    2007-10-27 22:48 9,232 ----a-w C:\Documents and Settings\Mom\mqdmmdfl.sys
    2007-10-27 22:48 79,328 ----a-w C:\Documents and Settings\Mom\mqdmserd.sys
    2007-10-27 22:48 66,656 ----a-w C:\Documents and Settings\Mom\mqdmbus.sys
    2007-10-27 22:48 6,208 ----a-w C:\Documents and Settings\Mom\mqdmcmnt.sys
    2007-10-27 22:48 5,936 ----a-w C:\Documents and Settings\Mom\mqdmwhnt.sys
    2007-10-27 22:48 4,048 ----a-w C:\Documents and Settings\Mom\mqdmcr.sys
    2007-10-27 22:48 25,600 ----a-w C:\Documents and Settings\Mom\usbsermptxp.sys
    2007-10-27 22:48 22,768 ----a-w C:\Documents and Settings\Mom\usbsermpt.sys
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 22:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-10-22 13:31 251 -c--a-w C:\Program Files\wt3d.ini
    2007-08-03 00:13 152 -csh--r C:\WINDOWS\system32\6FEB862DEE.sys
    2007-08-03 00:13 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {DC0F2F93-27FA-4F84-ACAA-9416F90B9511}
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}

    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "Aim6 "=" " []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-03 09:08]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
    "AcctMgr "= "C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 14:41]
    "OBD2_TekLink_Start "= "C:\Program Files\OBD2 TekLink\2100D.exe" [2005-04-18 09:28]
    "Motive SmartBridge "= "C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-09-18 12:46]
    "mm_server "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-09-18 12:46]
    "PhilipsRemote "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe" [2006-09-18 12:46]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
    "BitDefender Antiphishing Helper "= "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
    "BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-17 12:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-03 09:04:59]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 17:23:00]
    Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-03-10 09:42:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme
    "HideShutdownScripts "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu "= 1 (0x1)
    "NoRecentDocsMenu "= 1 (0x1)
    "MaxRecentDocs "= 99 (0x63)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 23:11 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-12-17 12:46]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-17 12:54]
    R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
    R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
    S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;C:\DOCUME~1\Mom\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
    S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]
    S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 15:04]
    S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 15:04]
    S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 15:04]
    S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 15:04]
    S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 15:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    *Newly Created Service* - 0C11B6D8
    *Newly Created Service* - 1DD6A6DE
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-29 03:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-28 06:00:00 C:\WINDOWS\Tasks\dfrg.job "
    - C:\WINDOWS\system32\dfrg.msc
    "2007-12-29 04:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    "2007-12-29 14:14:53 C:\WINDOWS\Tasks\RegCure Program Check.job "
    - C:\Program Files\RegCure\RegCure.exe
    "2007-12-29 13:32:20 C:\WINDOWS\Tasks\RegCure.job "
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 10:33:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath "=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Completion time: 2007-12-29 10:34:16
    C:\ComboFix2.txt ... 2007-12-29 09:08
    C:\ComboFix3.txt ... 2007-12-29 08:56
    .
    2007-12-13 12:20:41 --- E O F ---
     
  17. 2007/12/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download GMER

    Unzip it to the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic. It may be large and require splitting into several posts.
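    Once a GMER log and a ComboFix log are both in the thread, the first thing a helper does is cross-reference them: GMER's "Kernel code sections" lists drivers it found registered but whose file is gone, and ComboFix's "*Newly Created Service*" lines name services that appeared recently. The script below is an added example, not part of the thread or of either tool; it parses both formats on a sample constructed from lines posted later in this thread (several ComboFix runs combined) and sorts the missing drivers into review order. The random-name heuristic is a prioritisation aid only: scanners such as catchme and GMER also load short-lived, randomly named drivers, so a hit means "look at this first", not "infected".

```python
import re

# Constructed sample: lines in the shape ComboFix and GMER print them,
# with names taken from the output posted in this thread (not a live scan).
COMBOFIX_SAMPLE = """\
*Newly Created Service* - 0C11B6D8
*Newly Created Service* - 1DD6A6DE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
"""

GMER_SAMPLE = """\
---- Kernel code sections - GMER 1.0.13 ----

? System32\\Drivers\\1dd6a6de.sys The system cannot find the file specified.
? System32\\Drivers\\0c11b6d8.sys The system cannot find the file specified.
? C:\\WINDOWS\\system32\\Drivers\\PROCEXP90.SYS The system cannot find the file specified.
? C:\\DOCUME~1\\Mom\\LOCALS~1\\Temp\\catchme.sys The system cannot find the file specified.
? C:\\WINDOWS\\system32\\Drivers\\RKREVEAL150.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----
"""

# Drivers that diagnostic tools used in this thread load and then delete
# (catchme, Process Explorer, RootkitRevealer, BlackLight). A leftover
# registry entry pointing at a missing file is expected for these.
KNOWN_TOOL_DRIVERS = {"CATCHME", "PROCEXP90", "RKREVEAL150", "FSBLDRV"}

# Eight random hex digits as a driver name is worth looking at first, but
# scanners also use such names for temporary drivers, so this is a sort
# key, not a detection.
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)

MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified\.$")
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s+-\s+(\S+)$")


def parse_gmer_missing_drivers(text):
    """Driver paths that GMER lists under 'Kernel code sections' with the
    'cannot find the file' note. Other GMER sections are ignored."""
    in_section = False
    missing = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---- Kernel code sections"):
            in_section = True
            continue
        if line.startswith("----"):
            in_section = False
        if not in_section:
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group(1))
    return missing


def parse_combofix_new_services(text):
    """Service names ComboFix flagged as '*Newly Created Service*', upper-cased."""
    names = set()
    for raw in text.splitlines():
        m = NEW_SERVICE_RE.match(raw.strip())
        if m:
            names.add(m.group(1).upper())
    return names


def driver_name(path):
    """'System32\\Drivers\\0c11b6d8.sys' -> '0C11B6D8' (basename, no extension)."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].upper()


def triage(gmer_text, combofix_text):
    """Cross-reference both logs; return sorted (driver name, verdict) pairs."""
    new_services = parse_combofix_new_services(combofix_text)
    findings = []
    for path in parse_gmer_missing_drivers(gmer_text):
        name = driver_name(path)
        if name in KNOWN_TOOL_DRIVERS:
            verdict = "expected: diagnostic tool driver"
        elif HEX_NAME.match(name) and name in new_services:
            verdict = "priority: random name, newly created service, file missing"
        elif HEX_NAME.match(name):
            verdict = "priority: random name, file missing"
        else:
            verdict = "review: unknown driver, file missing"
        findings.append((name, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for name, verdict in triage(GMER_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{name:12} {verdict}")
```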
     
  18. 2007/12/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I also notice you have run ComboFix 3 times now. Please post the contents of C:\ComboFix3.txt
    That is the log from its first run, which I have not seen.
     
  19. 2007/12/30
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    Combofix3.txt

    ComboFix 07-12-21.4 - Mom 2007-12-29 8:43:26.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00]
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
    .

    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-28 09:58 . 2007-12-28 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-28 09:37 . 2007-12-28 09:37 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-28 08:17 . 2007-12-28 08:17 <DIR> d-------- C:\Deckard
    2007-12-22 16:10 . 2007-12-22 16:10 1,158 --a------ C:\WINDOWS\mozver.dat
    2007-12-22 07:01 . 2007-12-22 07:01 <DIR> d--hs---- C:\found.001
    2007-12-17 12:36 . 2007-12-29 08:54 121 --a------ C:\WINDOWS\bdagent.INI
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\BitDefender
    2007-12-17 12:35 . 2007-12-17 12:35 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\Bitdefender
    2007-12-17 12:35 . 2007-12-17 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-17 12:31 . 2007-12-17 12:35 <DIR> d-------- C:\Program Files\Common Files\BitDefender

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-12-25 02:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-22 01:30 --------- d-----w C:\Program Files\LimeWire
    2007-12-17 22:16 --------- d-----w C:\Program Files\RegCure
    2007-12-17 22:16 --------- d-----w C:\Program Files\Motorola Phone Tools
    2007-12-17 22:16 --------- d-----w C:\Program Files\bfgclient
    2007-12-17 22:16 --------- d-----w C:\Program Files\Avanquest update
    2007-12-17 17:54 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
    2007-12-17 17:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
    2007-12-17 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-12-17 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2007-11-22 22:07 --------- d-----w C:\Documents and Settings\Mom\Application Data\FMA
    2007-11-22 14:08 --------- d-----w C:\Program Files\iTunes
    2007-11-22 14:08 --------- d-----w C:\Program Files\iPod
    2007-11-22 14:06 --------- d-----w C:\Program Files\QuickTime
    2007-11-21 13:23 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-11-20 21:51 --------- d-----w C:\Program Files\PayPal
    2007-11-20 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-20 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2007-11-20 12:29 --------- d-----w C:\Program Files\MSN Games
    2007-11-20 00:50 --------- d-----w C:\Program Files\Microsoft Expedia Streets & Trips
    2007-11-17 16:09 --------- d-----w C:\Program Files\Susteen
    2007-11-13 17:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-13 17:26 --------- d-----w C:\Program Files\Common Files\DirectX
    2007-11-13 17:23 --------- d-----w C:\Program Files\Codemasters
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-09 22:34 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
    2007-11-09 19:10 --------- d-----w C:\Program Files\IZArc
    2007-11-09 14:32 --------- d-----w C:\Program Files\MRConverter
    2007-11-09 14:32 --------- d-----w C:\Program Files\DjToneXpress
    2007-11-06 16:18 --------- d-----w C:\Program Files\AOL Games
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
    2007-10-30 12:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
    2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-29 15:26 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-27 22:48 92,064 ----a-w C:\Documents and Settings\Mom\mqdmmdm.sys
    2007-10-27 22:48 9,232 ----a-w C:\Documents and Settings\Mom\mqdmmdfl.sys
    2007-10-27 22:48 79,328 ----a-w C:\Documents and Settings\Mom\mqdmserd.sys
    2007-10-27 22:48 66,656 ----a-w C:\Documents and Settings\Mom\mqdmbus.sys
    2007-10-27 22:48 6,208 ----a-w C:\Documents and Settings\Mom\mqdmcmnt.sys
    2007-10-27 22:48 5,936 ----a-w C:\Documents and Settings\Mom\mqdmwhnt.sys
    2007-10-27 22:48 4,048 ----a-w C:\Documents and Settings\Mom\mqdmcr.sys
    2007-10-27 22:48 25,600 ----a-w C:\Documents and Settings\Mom\usbsermptxp.sys
    2007-10-27 22:48 22,768 ----a-w C:\Documents and Settings\Mom\usbsermpt.sys
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 22:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-10-22 13:31 251 -c--a-w C:\Program Files\wt3d.ini
    2007-08-03 00:13 152 -csh--r C:\WINDOWS\system32\6FEB862DEE.sys
    2007-08-03 00:13 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {DC0F2F93-27FA-4F84-ACAA-9416F90B9511}
    {381FFDE8-2394-4F90-B10D-FC6124A40F8C}

    [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
    [HKEY_CLASSES_ROOT\BitDefender Toolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@ "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
    "Aim6 "=" " []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-03 09:08]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
    "AcctMgr "= "C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 14:41]
    "OBD2_TekLink_Start "= "C:\Program Files\OBD2 TekLink\2100D.exe" [2005-04-18 09:28]
    "Motive SmartBridge "= "C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-09-18 12:46]
    "mm_server "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2006-09-18 12:46]
    "PhilipsRemote "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\PhilipsRemote.exe" [2006-09-18 12:46]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
    "Logitech Utility "= "Logi_MwX.Exe" [2003-12-17 08:50 C:\WINDOWS\LOGI_MWX.EXE]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
    "BitDefender Antiphishing Helper "= "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
    "BDAgent "= "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-17 12:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-03 09:04:59]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 17:23:00]
    Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2006-03-10 09:42:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme
    "HideShutdownScripts "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispScrSavPage "= 0 (0x0)
    "NoDispCPL "= 0 (0x0)
    "NoDispAppearancePage "= 0 (0x0)
    "DisableTaskMgr "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu "= 1 (0x1)
    "NoRecentDocsMenu "= 1 (0x1)
    "MaxRecentDocs "= 99 (0x63)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 23:11 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-12-17 12:46]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-17 12:54]
    R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
    R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
    R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
    S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;C:\DOCUME~1\Mom\LOCALS~1\Temp\F-Secure\BlackLight\fsbldrv.sys []
    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
    S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]
    S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2005-08-15 15:04]
    S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2005-08-15 15:04]
    S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2005-08-15 15:04]
    S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w600mgmt.sys [2005-08-15 15:04]
    S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w600obex.sys [2005-08-15 15:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ab8f54c-c500-11db-a7de-001320df01ac}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8081f88d-b558-11db-a7c3-001320df01ac}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE

    *Newly Created Service* - 162F73CE
    *Newly Created Service* - 5431D278
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-29 03:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-28 06:00:00 C:\WINDOWS\Tasks\dfrg.job "
    - C:\WINDOWS\system32\dfrg.msc
    "2007-12-29 04:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    "2007-12-28 22:00:13 C:\WINDOWS\Tasks\RegCure Program Check.job "
    - C:\Program Files\RegCure\RegCure.exe
    "2007-12-29 13:32:20 C:\WINDOWS\Tasks\RegCure.job "
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 08:55:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = ??????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
    "ImagePath "=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    Completion time: 2007-12-29 8:56:45
    .
    2007-12-13 12:20:41 --- E O F ---


    Will post the GMER results in a few, gotta let it scan.

    Thanks,
    Whoababy
     
  20. 2007/12/30
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    GMER results Part 1

    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-12-30 08:37:43
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenProcess
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenThread
    SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.13 ----

    ? System32\Drivers\1dd6a6de.sys The system cannot find the file specified.
    ? System32\Drivers\0c11b6d8.sys The system cannot find the file specified.
    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.
    ? C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.
    ? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified.

    ---- User code sections - GMER 1.0.13 ----

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2C1 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A166F C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15F0 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1634 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A157C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15B6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16AA C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5408] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F31676 C:\WINDOWS\system32\IEFRAME.dll

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F82C8454] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A8A77BB0] trufos.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AA7556A4] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [AA756988] bdftdif.sys
     
  21. 2007/12/30
    Whoababy

    Whoababy Inactive Thread Starter

    Joined:
    2007/12/28
    Messages:
    22
    Likes Received:
    0
    GMER results Part 2

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA7556A4] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA7556A4] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA7556A4] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [AA756988] bdftdif.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F82C8454] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F82C81DE] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F82BBF4C] fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [A8A77BB0] trufos.sys

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9540701] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9540701] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9540701] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9540701] tfsnifs.sys
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [A9540701] tfsnifs.sys
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [A954089D] tfsnifs.sys
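Reading a GMER dump like the two posts above is mostly a matter of collapsing hundreds of per-IRP rows into the short list of questions that actually matter: which kernel modules are attached to which device stacks, how many handler addresses each one uses, and whether every module is accounted for. The script below is an added example for doing that triage and is not part of the forum post or of GMER. The sample lines are constructed in the exact format GMER printed above, and KNOWN_MODULES is an assumption: a starting allow-list for the BitDefender drivers the poster installed and Microsoft's filter manager, which must be verified on the machine itself (file path, publisher signature) before it is trusted.

```python
"""Summarise GMER 'AttachedDevice' / 'Device' hook lines by driver module.

Added example, not part of the forum post. SAMPLE_LOG is constructed in the
format GMER printed in the thread; KNOWN_MODULES is an assumed allow-list that
must be verified on-host (file path, digital signature) before it is relied on.
"""
import re
from collections import defaultdict

# One GMER hook row looks like:
#   AttachedDevice <driver object> <device> <IRP major> [<handler address>] <module>
#   Device         <driver object> <device> <IRP major> [<handler address>] <module>
LINE_RE = re.compile(
    r"^\s*(?P<kind>AttachedDevice|Device)\s+"
    r"(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_\w+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)\s*$"
)

# Assumed allow-list (verify on the host): BitDefender file-system and firewall
# drivers the poster installed, plus Microsoft's filter manager.
KNOWN_MODULES = {"trufos.sys", "bdftdif.sys", "fltmgr.sys"}

# Constructed sample in GMER's output format (a few rows from the thread plus
# one junk line to show that non-hook lines are ignored).
SAMPLE_LOG = r"""
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A8A77BB0] trufos.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A8A77BB0] trufos.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AA756988] bdftdif.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AA7556A4] bdftdif.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F82BBF4C] fltMgr.sys
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [A954089D] tfsnifs.sys
    this line is not a hook entry and is skipped
"""


def parse_hooks(text):
    """Return one dict per parseable hook row; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["module"] = d["module"].lower()   # GMER mixes case (fltMgr.sys)
            d["addr"] = d["addr"].upper()
            entries.append(d)
    return entries


def summarise(entries):
    """Collapse per-IRP rows into module -> device -> {IRP count, handler addresses}.

    A legitimate filter driver typically routes every IRP major of a device
    through one or two dispatch routines, so the set of addresses stays tiny.
    """
    summary = defaultdict(lambda: defaultdict(lambda: {"irps": 0, "addrs": set()}))
    for e in entries:
        slot = summary[e["module"]][e["device"]]
        slot["irps"] += 1
        slot["addrs"].add(e["addr"])
    return summary


def unknown_modules(entries, known=KNOWN_MODULES):
    """Modules hooking device stacks that the (assumed) allow-list does not cover."""
    return sorted({e["module"] for e in entries} - {k.lower() for k in known})


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for module, devices in sorted(summarise(hooks).items()):
        for device, info in sorted(devices.items()):
            print(f"{module:12} {device:14} {info['irps']:3} IRPs  "
                  f"handlers={sorted(info['addrs'])}")
    print("modules to account for:", unknown_modules(hooks))
```

Run it against a saved GMER log by replacing SAMPLE_LOG with the file's contents. The output is a handful of lines instead of several hundred, and the "modules to account for" list is the only thing that needs a human: each name on it should be traced to an installed product and its on-disk file checked before the machine is declared clean, and a module that cannot be traced is where the rootkit question is answered.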
     
