WiredWX Hobby Weather Tools

XP Anti-Spyware 2011

XP Anti-Spyware 2011

I need help!!!

My other home office computer (next to the one I'm posting from) was infected with some type of malware program called "XP Anti-Spyware 2011". I have used your site once before and received good help, so I looked at some posts; one of which said to run Malwarebytes. Since the infected machine won't let me access the internet, I downloaded MB to a thumb drive and ran it on the infected machine while in "Safe mode with Networking".

It appeared to work: after the scan it brought up a list of about a dozen items. All but about 4-5 of these items were auto-checkmarked. Assuming MB knew which ones were 'bad' I had it remove/delete those that were already checkmarked. Here's the log I saved after this action:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5888

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/26/2011 3:26:27 PM
mbam-log-2011-02-26 (15-26-15).txt

Scan type: Quick scan
Objects scanned: 168277
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
c:\documents and settings\administrator\local settings\application data\whv.exe (Trojan.FakeAlert) -> 1580 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> No action taken.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 (PUP.PerfectOptimizer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\whv.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:
c:\documents and settings\Rick\start menu\Programs\perfect optimizer (PUP.PerfectOptimizer) -> No action taken.

Files Infected:
c:\documents and settings\administrator\local settings\application data\whv.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\administrator\local settings\application data\nkx.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\perfect optimizer.lnk (PUP.PerfectOptimizer) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\uninstall.lnk (PUP.PerfectOptimizer) -> No action taken.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\Website.lnk (PUP.PerfectOptimizer) -> No action taken.

I rebooted. The good news: I am no longer receiving the insidious & repeating "XP Anti-Spyware 2011" splash screens. However, something seems terribly wrong:

1. I'm getting "Application not found" error boxes when I select (for example) MS Word or Excel from either the Quick Launch bar or when I attempt to access these apps via "Start" - "All Programs", etc. When I attempt to launch Internet Explorer or my legitimate virus software (Trend Micro Titanium) from the quick launch I get an "Open with" box asking me to "Choose the program you want to use to open this file:" followed by a long list of apps from which to choose...

2. My system tray (i.e. bottom right corner of the screen) is not displaying the icons it used to display.

3. The computer seems to be running slow.

AAAArrrrrgggghhh! What has happened to my computer?!!

I'm hoping you can help!

Thanks.
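The "Application not found" symptom follows directly from the Registry Data Items entry in the log above: the .exe open command pointed at whv.exe, so once that file was deleted nothing could launch. The following Python is an added example, not code from the thread or from any tool named in it; it parses that MBAM line and the O35/O37 association lines from the OTL log posted later in the thread, compares each command with the stock value "%1" %*, and states what a double-click on an .exe does in each state. The function names and the framing of the sample strings are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Stock value of HKCR\exefile\shell\open\command (the "Good" value MBAM reports).
DEFAULT_OPEN_COMMAND = '"%1" %*'

# Sample input copied from the MBAM log in the first post (Registry Data Items section).
MBAM_SAMPLE = r'''Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\whv.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.
'''

# Sample input copied from the O35/O37 lines of the OTL log posted later in the
# thread, i.e. the state after exeHelper reset the .exe/.com associations.
OTL_SAMPLE = r'''O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
'''

# MBAM entry shape: <key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
_MBAM_RE = re.compile(
    r'^(?P<key>\S+) \((?P<detection>[^)]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$')

# OTL O35 (file class open verb) and O37 (extension -> class) association lines.
_OTL_RE = re.compile(
    r'^O3[57] - (?P<hive>HK\w+)\\\.+(?P<name>\w+) \[(?P<detail>[^\]]*)\] -- (?P<cmd>.*)$')


def parse_mbam_registry_data(log_text: str) -> List[Dict[str, str]]:
    """Extract Bad/Good pairs from the Registry Data Items section of an MBAM log."""
    entries = []
    for line in log_text.splitlines():
        m = _MBAM_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_otl_file_associations(log_text: str) -> List[Dict[str, str]]:
    """Extract the .exe/.com association lines (O35/O37) from an OTL log."""
    assocs = []
    for line in log_text.splitlines():
        m = _OTL_RE.match(line.strip())
        if m:
            assocs.append(m.groupdict())
    return assocs


def classify_open_command(cmd: str) -> Tuple[str, Optional[str]]:
    """Return ('default', None) for the stock value, otherwise ('hijacked', interpreter).

    A hijacked command names some other program first; Windows then runs that
    program and hands it the real .exe as an argument (the "%1").
    """
    cmd = cmd.strip()
    if cmd == DEFAULT_OPEN_COMMAND:
        return ('default', None)
    quoted = re.match(r'^"([^"]+)"', cmd)
    interpreter = quoted.group(1) if quoted else cmd.split()[0]
    return ('hijacked', interpreter)


def launch_outcome(cmd: str, interpreter_present: bool) -> str:
    """Describe what a double-click on any .exe does under this open command."""
    status, interpreter = classify_open_command(cmd)
    if status == 'default':
        return 'ok: Windows starts the requested program directly'
    if interpreter_present:
        return f'intercepted: {interpreter} runs first and decides whether "%1" starts'
    # The state the first post describes: whv.exe was deleted but the
    # association still pointed at it, so no .exe could be started.
    return f'broken: {interpreter} is missing, so every .exe launch fails ("Application not found")'


def audit(mbam_log: str, otl_log: str, interpreter_present: bool) -> List[Tuple[str, str]]:
    """Combine both log sources into (registry location, outcome) rows."""
    rows = []
    for e in parse_mbam_registry_data(mbam_log):
        rows.append((e['key'], launch_outcome(e['bad'], interpreter_present)))
    for a in parse_otl_file_associations(otl_log):
        location = f"{a['hive']} {a['name']} [{a['detail']}]"
        rows.append((location, launch_outcome(a['cmd'], interpreter_present)))
    return rows


if __name__ == '__main__':
    # interpreter_present=False models the post: whv.exe removed, association not reset.
    for location, outcome in audit(MBAM_SAMPLE, OTL_SAMPLE, interpreter_present=False):
        print(f'{location}\n    {outcome}')
```

The same check against a live machine would read the (default) value of HKCR\exefile\shell\open\command and HKCR\comfile\shell\open\command and pass it to classify_open_command.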

Re: XP Anti-Spyware 2011

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: XP Anti-Spyware 2011

Belahzur,

Thanks so much for your help. I have been out of town and am therefore just now getting back to fix this...

I downloaded OTL as instructed, but when I attempt to run the program, I get an "Open With" dialog box listing various programs (Adobe, IE, Excel, Word, etc.) and am therefore seemingly unable to launch OTL.

It looks like you might be online, so hoping you can advise quickly how to get OTL to run...

Thanks again.

Re: XP Anti-Spyware 2011

Hello.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: XP Anti-Spyware 2011

I ran exeHelper.com (twice, as it appeared to error out when I attempted to close the black DOS command box when it prompted "press any key to continue..."). Log file results posted below:

exeHelper by Raktor
Build 20100414
Run at 01:59:52 on 03/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 02:02:39 on 03/03/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

After doing this, I attempted (and succeeded) in running OTL as you had previously advised (hope that was okay to do...). OTL.txt and Extras.txt logs posted below. Please advise next steps. Thank you.

OTL.Txt log:

OTL logfile created on: 3/3/2011 2:12:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 45.70 Gb Free Space | 61.37% Space Free | Partition Type: NTFS
Drive G: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 983.02 Mb Total Space | 845.52 Mb Free Space | 86.01% Space Free | Partition Type: FAT

Computer Name: PEACH-OFFICE | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/02 12:03:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011/02/26 11:26:50 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/02/26 11:26:20 | 003,101,648 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2010/11/22 16:03:33 | 000,112,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2010/11/22 16:03:06 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/18 14:14:36 | 001,593,808 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/09 16:47:20 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\U3\00004870F171228C\LaunchPad.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/02 12:03:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (TfSysMon)
DRV - File not found [Kernel | Disabled | Running] -- -- (TfFsMon)
DRV - [2011/02/26 11:25:04 | 000,063,360 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/02/26 11:25:02 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/22 16:03:19 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/11/22 16:03:18 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/22 16:03:18 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/11/22 16:03:18 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2006/08/03 18:33:20 | 000,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2005/04/01 14:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lds.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD"
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/11/22 21:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 09:38:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/02 09:06:58 | 000,000,000 | ---D | M]

[2009/04/03 09:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Extensions
[2011/02/26 12:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\bg6oqru0.default\extensions
[2010/09/15 14:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\bg6oqru0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 12:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 09:07:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/02 09:05:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/22 21:24:43 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION
[2011/02/02 09:05:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/04/22 23:40:19 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [CRLEventnet] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: stamps.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: unishippers.com ([]* in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196720124171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email04.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 11:53:42 | 000,000,277 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a1eb7d87-afd8-11dc-931c-00142247e069}\Shell - "" = AutoRun
O33 - MountPoints2\{a1eb7d87-afd8-11dc-931c-00142247e069}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1eb7d87-afd8-11dc-931c-00142247e069}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/02/12 17:33:37 | 001,110,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 20:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/02/26 20:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2011/02/26 20:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
[2011/02/26 14:56:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/26 14:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/26 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/26 14:56:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/26 14:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/26 11:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Desktop\log
[2011/02/26 11:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Threat Expert
[2011/02/26 10:59:09 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/02/26 10:59:08 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/02/26 10:59:08 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/02/26 10:52:49 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/02/26 10:52:18 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/02/26 10:52:18 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/02/26 10:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2011/02/26 10:50:50 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/02/26 10:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/02/26 10:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\PC Tools
[2011/02/26 10:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/26 10:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/02 09:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/02/02 09:06:58 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/02 09:06:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/02 09:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/02 09:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[39 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Rick\Desktop\*.tmp files -> C:\Documents and Settings\Rick\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 01:27:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 01:22:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2783445133-3881002321-2059250095-1006UA.job
[2011/03/02 17:34:19 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Microsoft Office Excel 2003.lnk
[2011/03/02 15:29:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Microsoft Office Word 2003.lnk
[2011/03/02 14:43:35 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Microsoft Office Outlook 2003.lnk
[2011/03/02 12:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2011/03/02 09:27:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/02 03:22:06 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2783445133-3881002321-2059250095-1006Core.job
[2011/02/26 15:48:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/26 15:46:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2783445133-3881002321-2059250095-1006.job
[2011/02/26 15:44:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/26 15:33:04 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\HiJackThis.lnk
[2011/02/26 15:15:46 | 000,009,648 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2277543701
[2011/02/26 14:56:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/26 13:53:25 | 000,009,648 | -HS- | M] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\2277543701
[2011/02/26 11:25:04 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/02/26 11:25:02 | 000,218,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/02/26 10:51:57 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/02/25 09:08:09 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/25 08:54:05 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/24 22:21:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/24 08:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2783445133-3881002321-2059250095-1006.job
[2011/02/24 00:07:03 | 000,000,689 | ---- | M] () -- C:\WINDOWS\americal1.fita
[2011/02/16 22:48:53 | 002,135,412 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Nevaeh.JPG
[2011/02/11 13:41:42 | 000,001,101 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\ChatLog Meet Now 2011_02_11 13_41.rtf
[2011/02/11 13:18:25 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Rick\My Documents\ChatLog Meet Now 2011_02_11 13_18.rtf
[2011/02/02 09:20:29 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Rick\g2mdlhlpx.exe
[2011/02/02 09:04:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/02 09:04:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/02 09:04:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/02 09:04:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/02 09:04:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[39 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Rick\Desktop\*.tmp files -> C:\Documents and Settings\Rick\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/26 14:56:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/26 10:59:10 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/02/26 10:59:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/02/26 10:59:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/02/26 10:59:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/02/26 10:59:08 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/02/26 10:52:49 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2011/02/26 10:52:18 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2011/02/26 10:52:18 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2011/02/26 10:51:57 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/02/26 10:50:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2011/02/25 13:14:44 | 000,009,648 | -HS- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\2277543701
[2011/02/25 13:14:44 | 000,009,648 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2277543701
[2011/02/16 22:48:50 | 002,135,412 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\Nevaeh.JPG
[2011/02/11 13:41:42 | 000,001,101 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\ChatLog Meet Now 2011_02_11 13_41.rtf
[2011/02/11 13:18:25 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Rick\My Documents\ChatLog Meet Now 2011_02_11 13_18.rtf
[2010/06/07 08:04:32 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/12/04 16:42:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\comm.INI
[2009/12/03 15:52:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\POC.INI
[2009/12/02 22:04:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\absdatasvc.INI
[2009/12/02 22:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adminsvc.INI
[2009/12/02 22:04:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\applogic.INI
[2009/12/02 22:04:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\revservice.INI
[2009/12/02 22:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tracklogic.INI
[2009/09/22 10:40:47 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/26 09:26:38 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Rick\Application Data\Jorge Ortega0.bmp
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/03 11:25:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/11/02 18:02:03 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\Quesa.dll
[2008/05/29 12:19:46 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/28 19:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/06 13:40:38 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/04/22 07:43:59 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/04/15 16:03:09 | 000,000,058 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2008/04/09 08:56:48 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/02/04 21:08:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/09 16:01:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\fusioncache.dat
[2006/03/09 14:28:47 | 000,068,952 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2006/03/09 14:28:47 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/02/23 15:06:42 | 001,200,128 | ---- | C] () -- C:\WINDOWS\System32\cwrecovery.exe
[2006/02/01 01:36:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/01 01:32:04 | 000,000,764 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 01:10:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/01 01:09:52 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,387 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,456,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,076,328 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

====================================================

Extras.txt log:

OTL Extras logfile created on: 3/3/2011 2:12:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 45.70 Gb Free Space | 61.37% Space Free | Partition Type: NTFS
Drive G: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 983.02 Mb Total Space | 845.52 Mb Free Space | 86.01% Space Free | Partition Type: FAT

Computer Name: PEACH-OFFICE | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Radmin\radmin.exe" = C:\Program Files\Radmin\radmin.exe:*:Enabled:Remote Administrator viewer -- ()
"C:\Documents and Settings\Rick\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Rick\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1051972F-126C-409F-BE74-ADF014D1A6A7}" = FedEx Ship Manager
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F26BB96-64B0-4873-B090-243E53738D93}" = DHL EasyShip Connect
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DFB32F-1BF2-4312-8DEC-46CBE08786E5}" = DHL EasyShip Connect
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90180409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9E404AA6-7C63-4D95-B8D2-72256ABB6A9E}" = Stamps.com Address Book Support for Outlook Express, Works, IE
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A14A8608-CF1C-4010-A348-7EA220C70305}_is1" = Perfect Optimizer 5.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D00324C0-5343-4917-BF1E-D5E45D22B7E8}" = Stamps.com Address Book Support for Common Harmony
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Batch Converter" = Advanced Batch Converter
"Americal" = Americalculator (Remove)
"ATT-RemoteControl" = ATT-RemoteControl
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Google Desktop" = Google Desktop
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnTrac" = OnTrac
"Quick Pallet Maker" = Quick Pallet Maker
"RealPlayer 12.0" = RealPlayer
"Remote Administrator v2.2" = Remote Administrator v2.2
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"Stamps.com" = Stamps.com
"Stamps.com support for Harmony" = Stamps.com support for Harmony
"Stamps.com support for Outlook Express, Works, IE" = Stamps.com support for Outlook Express, Works, IE
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 4:24:50 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 4:24:51 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 5:51:48 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 5:51:49 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 5:51:50 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 5:51:51 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 5:59:35 AM | Computer Name = PEACH-OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 7.0.0.545, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2011 6:05:05 AM | Computer Name = PEACH-OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 7.0.0.545, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2011 6:14:38 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/3/2011 6:14:39 AM | Computer Name = PEACH-OFFICE | Source = ESENT | ID = 490
Description = svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 2/26/2011 6:55:45 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2011 6:56:35 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2011 7:06:42 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/26/2011 7:26:22 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2011 7:27:12 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/26/2011 7:27:44 PM | Computer Name = PEACH-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/26/2011 7:29:29 PM | Computer Name = PEACH-OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/26/2011 7:29:29 PM | Computer Name = PEACH-OFFICE | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%2

Error - 2/26/2011 7:45:18 PM | Computer Name = PEACH-OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 2/26/2011 7:45:18 PM | Computer Name = PEACH-OFFICE | Source = Service Control Manager | ID = 7000
Description = The Remote Administrator Service service failed to start due to the
following error: %%2

< End of report >
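The Extras.txt log above is the kind of output a helper reads by eye, checking the Shell Spawning entries against the Windows XP defaults and looking at which firewall ports are open to any source. The following Python script is an added example, not OTL's code nor anything posted in this thread: it parses those two sections from a constructed sample in the same format (the hijacked exefile value mirrors the Broken.OpenCommand entry MBAM reported earlier in the thread) and reports deviations. The expected default commands and the list of ports considered risky are my own assumptions.

```python
import re

# Constructed sample in the format of OTL's Extras.txt (not the thread's own log).
# The exefile line reproduces the hijack MBAM flagged earlier in this thread.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\whv.exe" -a "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"""

# Assumed Windows XP defaults for the "open" verb of executable file classes.
# Any other value means launches of that file type are routed through another
# program first, which is exactly how the rogue inserted whv.exe.
EXPECTED_OPEN_COMMANDS = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Assumed list of ports that should not be open to every source ("*" scope)
# on a home-office workstation.
RISKY_PORTS = {3389: "Remote Desktop", 139: "NetBIOS session", 445: "SMB"}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
PORT_RE = re.compile(r'^"[^"]+" = (\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):')


def parse_extras(text):
    """Extract the Shell Spawning and Firewall Settings sections of Extras.txt.

    Returns {"shell": {(class, verb): command}, "ports": [(port, proto, scope, state)]}.
    """
    shell, ports, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m:
                shell[(m.group(1), m.group(2))] = m.group(3)
        elif section == "Firewall Settings":
            m = PORT_RE.match(line)
            if m:
                ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return {"shell": shell, "ports": ports}


def audit_extras(text):
    """Return findings as (severity, message) tuples, shell issues first."""
    parsed = parse_extras(text)
    findings = []
    for (cls, verb), command in parsed["shell"].items():
        expected = EXPECTED_OPEN_COMMANDS.get(cls)
        if verb != "open" or expected is None:
            continue
        if command.startswith("Reg Error"):
            findings.append(("info", f"{cls} open command key missing: {command}"))
        elif command != expected:
            findings.append(("high", f"{cls} open command hijacked: {command}"))
    for port, proto, scope, state in parsed["ports"]:
        if state == "Enabled" and scope == "*" and port in RISKY_PORTS:
            findings.append(
                ("medium", f"{port}/{proto} ({RISKY_PORTS[port]}) open to any source")
            )
    return findings


if __name__ == "__main__":
    for severity, message in audit_extras(SAMPLE_EXTRAS):
        print(f"[{severity}] {message}")
```

Run against the real Extras.txt, the script would flag only the 3389/TCP entries, since the exefile command had already been repaired by the time that log was taken.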

Re: XP Anti-Spyware 2011
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: XP Anti-Spyware 2011
Downloaded and ran Malwarebytes as directed. Checkmarked boxes and removed. Rebooted as requested. FYI - after rebooting computer, I received dialogue box entitled "RUNDLL" w/ message saying "Error loading C:\Documents and Settings\Rick\Local Settings\Application Data\eapMouseaudio\CRLEventnet.dll The specified module could not be found. [Okay]"

Here are contents of the MBAM log - please advise next step(s):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5948

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2011 8:43:29 PM
mbam-log-2011-03-03 (20-43-29).txt

Scan type: Quick scan
Objects scanned: 170758
Time elapsed: 26 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A14A8608-CF1C-4010-A348-7EA220C70305}_is1 (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Rick\start menu\Programs\perfect optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\perfect optimizer.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\uninstall.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\documents and settings\Rick\start menu\Programs\perfect optimizer\Website.lnk (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Re: XP Anti-Spyware 2011
Oh no!..I was just exploring directories on previously infected machine and am missing at least one critical data folder that I was accessing just last night (using Excel after running OTL.) It's gone - vanished. Excel shows the 2-3 file names I accessed when I click on "File", but when I click on any of the file names I get "C:\path\filename could not be found...."

I don't have data backed up...oh no.

Re: XP Anti-Spyware 2011
Update on my lost data folder: I found the folder I'm looking for. It has been moved under the following root folder with name I did not create nor recognize:

C:\123b63504ab7b169304121

When I double-click to open my data folder, I receive an error dialogue box saying "[path\filename] is not accessible. Access is denied." Right-click check of folder properties reveals folder is "Read-only" and says folder has 0 bytes and 0 files(?!?)

fyi - The "123..." root folder has 2 other sub-folders in addition to mine. One folder named "amd64"; the other named "i386". Both sub-folders contain the following files:

filterpipelineprintproc.dll
msxpsinc.gpd
xpssvcs.dll
msxpsdrv ("Security Catalog")
msxpsinc.ppd
msxpsdrv ("Setup Information")
Mxdwdrv.dll

Sorry to add this to the task of freeing my computer of malware...but it will be devastating if I have lost the data in this folder. Thank you again for helping me.

Re: XP Anti-Spyware 2011
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: XP Anti-Spyware 2011

Downloaded, renamed and ran Combo-Fix as instructed, and the Combofix.txt contents are listed further below. ** Please note, per previous post(s), the apparent loss of a personal data folder. I don't know whether this happened after running OTL or Malwarebytes; however, the data folder in question somehow moved on its own under a separate, randomly generated folder (which has a self-generated cryptic alpha-numeric name and the file names listed in my last post).

When I right-click and select 'Properties' on the data folder, it shows "0 files" and "0 bytes", and when I attempt to open the folder by double-clicking on it I receive the error message "[Path\filename] is not accessible. Access is denied." I had hoped upon hope that this folder might be recovered after running Combo-Fix, but nothing has changed. Am I out of luck recovering this data?

Combofix.txt contents:

ComboFix 11-03-05.01 - Rick 03/05/2011 23:32:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.522 [GMT -8:00]
Running from: c:\documents and settings\Rick\Desktop\Combo-Fix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rick\g2mdlhlpx.exe
c:\documents and settings\Rick\GoToAssistDownloadHelper.exe
C:\LOG1.tmp
C:\LOG10DB.tmp
C:\LOG1CE.tmp
C:\LOG1E8.tmp
C:\LOG256.tmp
C:\LOG257.tmp
C:\LOG274.tmp
C:\LOG2C2.tmp
C:\LOG2D7.tmp
C:\LOG2E4.tmp
C:\LOG2F1.tmp
C:\LOG2F8.tmp
C:\LOG304.tmp
C:\LOG310.tmp
C:\LOG343.tmp
C:\LOG344.tmp
C:\LOG352.tmp
C:\LOG35B.tmp
C:\LOG36.tmp
C:\LOG367.tmp
C:\LOG39F.tmp
C:\LOG3C3.tmp
C:\LOG3CD.tmp
C:\LOG3D1.tmp
C:\LOG3E0.tmp
C:\LOG3F3.tmp
C:\LOG409.tmp
C:\LOG427.tmp
C:\LOG447.tmp
C:\LOG44C.tmp
C:\LOG468.tmp
C:\LOG4BD.tmp
C:\LOG58D.tmp
C:\LOG6A.tmp
C:\LOG6C.tmp
C:\LOG7B.tmp
C:\LOG90F.tmp
C:\LOG934E.tmp
C:\LOG94F4.tmp
C:\LOGB4.tmp
C:\LOGCF.tmp
c:\windows\Downloaded Program Files\ODCTOOLS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-04 22:00 . 2011-03-06 06:28 -------- d-----w- C:\USPS-temp
2011-03-04 18:24 . 2011-03-06 06:28 -------- d-----w- C:\Business Facilitating
2011-03-04 02:27 . 2011-03-04 02:27 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2011-02-27 04:20 . 2011-02-27 04:20 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-02-27 04:20 . 2011-02-27 04:20 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-02-27 04:19 . 2011-02-27 04:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2011-02-26 23:14 . 2011-02-26 23:14 -------- d-----w- c:\documents and settings\Administrator\ContentWatch
2011-02-26 22:56 . 2011-02-26 22:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-26 22:56 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-26 22:56 . 2011-02-26 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-26 22:56 . 2011-03-04 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 22:56 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 22:55 . 2011-02-26 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2011-02-26 21:15 . 2011-02-26 21:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-02-26 19:03 . 2011-02-26 19:03 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Threat Expert
2011-02-26 18:49 . 2011-03-06 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-26 18:49 . 2011-03-06 07:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 17:04 . 2008-08-13 14:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 17:04 . 2011-02-02 17:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-10-14 02:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2008-10-14 02:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-10-14 02:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-10-14 02:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2008-10-14 02:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-10-14 02:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Google Update"="c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-16 1831936]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-30 202256]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-11-23 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-11-23 1062224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-14 217193]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2009-12-18 40368]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2009-12-18 738776]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-3-9 221295]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Radmin\\radmin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Rick\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [11/22/2010 9:21 PM 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/22/2010 9:24 PM 64080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/16/2010 11:24 AM 136176]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 19:24]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 19:24]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2783445133-3881002321-2059250095-1006Core.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 03:37]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2783445133-3881002321-2059250095-1006UA.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 03:37]
.
2011-03-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2783445133-3881002321-2059250095-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2011-03-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2783445133-3881002321-2059250095-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://lds.org/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: ameritrade.com
Trusted Zone: stamps.com
Trusted Zone: tdameritrade.com
Trusted Zone: unishippers.com
DPF: Web-Based Email Tools - hxxp://email04.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\bg6oqru0.default\
FF - prefs.js: browser.startup.homepage - hxxp://lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CRLEventnet - c:\documents and settings\Rick\Local Settings\Application Data\eapMouseaudio\CRLEventnet.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 23:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6V080E0 rev.VA131610 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF74C6864
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2783445133-3881002321-2059250095-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2011-03-06 00:14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-06 08:13
.
Pre-Run: 49,032,679,424 bytes free
Post-Run: 49,425,539,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BF51F3AC0B8FFC0253466D0B5082C3C5

Re: XP Anti-Spyware 2011

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: XP Anti-Spyware 2011

TDSSKiller report follows. Please advise.

2011/03/06 21:17:50.0044 1308 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/06 21:17:50.0497 1308 ================================================================================
2011/03/06 21:17:50.0497 1308 SystemInfo:
2011/03/06 21:17:50.0497 1308
2011/03/06 21:17:50.0497 1308 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/06 21:17:50.0497 1308 Product type: Workstation
2011/03/06 21:17:50.0497 1308 ComputerName: PEACH-OFFICE
2011/03/06 21:17:50.0513 1308 UserName: Rick
2011/03/06 21:17:50.0513 1308 Windows directory: C:\WINDOWS
2011/03/06 21:17:50.0513 1308 System windows directory: C:\WINDOWS
2011/03/06 21:17:50.0513 1308 Processor architecture: Intel x86
2011/03/06 21:17:50.0513 1308 Number of processors: 1
2011/03/06 21:17:50.0513 1308 Page size: 0x1000
2011/03/06 21:17:50.0513 1308 Boot type: Normal boot
2011/03/06 21:17:50.0513 1308 ================================================================================
2011/03/06 21:17:52.0685 1308 Initialize success
2011/03/06 21:17:59.0390 0988 ================================================================================
2011/03/06 21:17:59.0390 0988 Scan started
2011/03/06 21:17:59.0390 0988 Mode: Manual;
2011/03/06 21:17:59.0390 0988 ================================================================================
2011/03/06 21:18:17.0643 0988 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/03/06 21:18:17.0722 0988 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/06 21:18:17.0940 0988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/06 21:18:18.0034 0988 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/03/06 21:18:18.0159 0988 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/06 21:18:18.0237 0988 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/06 21:18:18.0315 0988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/06 21:18:18.0440 0988 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/06 21:18:18.0519 0988 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/06 21:18:18.0597 0988 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/06 21:18:18.0659 0988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/06 21:18:18.0784 0988 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/06 21:18:18.0925 0988 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/06 21:18:19.0128 0988 SSKBFD (49038e2e298abafe720dc3d5d2cd6e37) C:\WINDOWS\system32\Drivers\sskbfd.sys
2011/03/06 21:18:19.0222 0988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/06 21:18:19.0362 0988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/06 21:18:19.0456 0988 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/06 21:18:19.0550 0988 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/06 21:18:19.0659 0988 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/06 21:18:19.0769 0988 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/06 21:18:19.0894 0988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/06 21:18:20.0066 0988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/06 21:18:20.0175 0988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/06 21:18:20.0269 0988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/06 21:18:20.0394 0988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/06 21:18:20.0503 0988 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
2011/03/06 21:18:20.0581 0988 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
2011/03/06 21:18:20.0691 0988 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
2011/03/06 21:18:20.0738 0988 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/03/06 21:18:20.0816 0988 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/06 21:18:20.0941 0988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/06 21:18:21.0097 0988 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/06 21:18:21.0207 0988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/06 21:18:21.0285 0988 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/06 21:18:21.0347 0988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/06 21:18:21.0425 0988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/06 21:18:21.0535 0988 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/06 21:18:21.0629 0988 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/06 21:18:21.0675 0988 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/06 21:18:21.0738 0988 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/06 21:18:21.0816 0988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/06 21:18:21.0957 0988 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/06 21:18:22.0082 0988 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/06 21:18:22.0160 0988 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/06 21:18:22.0301 0988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/06 21:18:22.0410 0988 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/06 21:18:22.0566 0988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/06 21:18:22.0769 0988 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/06 21:18:22.0894 0988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/06 21:18:23.0004 0988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/06 21:18:23.0238 0988 ================================================================================
2011/03/06 21:18:23.0238 0988 Scan finished
2011/03/06 21:18:23.0238 0988 ================================================================================

Re: XP Anti-Spyware 2011
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: XP Anti-Spyware 2011
Downloaded & ran the RKU program as instructed (it took a long time to complete the file scan). I also noticed my missing data folder(s) are listed in the report as 'Hidden'. Hope I can get them back(?) Thank you for your continued assistance. The report log is long; I will send it in 2-3 posts. Here is part 1:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061ACEC-->8656F6A0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x8060E210-->864D8420 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805C7582-->8656E4A0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805C74CC-->8656E7A0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805B96E8-->864D87E0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805C736A-->86570F40 [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8061B188-->8656FCA0 [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8061B358-->865705A0 [Unknown module filename]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805B39A2-->864D89C0 [Unknown module filename]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x8057969A-->864D8120 [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C13F8-->8656EAA0 [Unknown module filename]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x8059F84C-->86570B80 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C1684-->8656EDA0 [Unknown module filename]
ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x8061A70E-->8656FFA0 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x8061C6CC-->865702A0 [Unknown module filename]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x806068D6-->864D8600 [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x8061925E-->8656F9A0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8DA6-->8656F0A0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805C8FA0-->8656F3A0 [Unknown module filename]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805A9964-->86570D60 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookAW, Type: Address change 0xBF85AE12-->864DAD60 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8578AB-->864DAB40 [Unknown module filename]
==============================================
>Processes
==============================================
0x86DC69C8 [4] System
0x868B5A68 [256] C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation, Battery backup management service)
0x868BF588 [268] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard, hpwuSchd Application)
0x865CC020 [284] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited, RIM Auto Update)
0x866DA4B0 [344] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x86889268 [524] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x8691BDA0 [580] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x86786568 [604] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation, Macrovision Software Manager)
0x867ABDA0 [628] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8673C900 [652] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x866EC950 [696] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8679D6E8 [708] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x866E6650 [868] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86713C10 [896] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
0x86566DA0 [944] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C304C8 [1008] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x866F2020 [1040] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x867A2980 [1080] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C947E8 [1228] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8689FBE0 [1332] C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc., AcroTray)
0x864DCA80 [1412] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x867AF4D8 [1440] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x86C29C08 [1684] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8604ADA0 [1796] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x867457E8 [1864] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x866F3DA0 [1932] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x866E8158 [1948] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
0x86750DA0 [1968] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc., SMax4PNP MFC Application)
0x8649D228 [1976] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x86C92DA0 [1984] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp., CyberLink PowerCinema Resident Program)
0x864BF228 [2004] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation, Type32.exe)
0x864D5DA0 [2016] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation, Point32.exe)
0x86C323D0 [2044] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc., Trend Micro Client Session Agent Monitor)
0x86886A68 [2068] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)
0x86666BE0 [2140] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x86C8E020 [2408] C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co., )
0x8671DA48 [2508] C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation, PowerChute system tray power icon)
0x8613C718 [2636] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x86041020 [2952] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x8657BB10 [3016] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x868E92D0 [3500] C:\Documents and Settings\Rick\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\pskuMH.exe (UG North, RKULE, SR2 Normandy)
0x86904B60 [248] C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc., Trend Micro Anti-Malware Solution Platform)
0x866F6928 [464] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc., Trend Micro Client Session Agent)
0x86771DA0 [1960] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc., Trend Micro Anti-Malware Solution Platform)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF71ED000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF705A000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF73CB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA97B9000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA985A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6F68000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA997C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8BFE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA84B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7154000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xA90BD000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF6FEE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF750F000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9119000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF739E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7093000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA98F2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9954000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B9000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA9834000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7130000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7194000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF710D000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA834F000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA9932000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF71B8000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 135168 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7481000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74DF000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA8F9E000 C:\WINDOWS\system32\DRIVERS\tmactmon.sys 118784 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xF7384000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74A1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9779000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7458000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF702F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA991D000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xA93F4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7046000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF71D9000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA99D5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF746F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA8FE3000 C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 73728 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xF74FE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF701E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF773E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF779E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF777E000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF776E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77AE000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF771E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF783E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF767E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF772E000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF77BE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF765E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76BE000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF77DE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF786E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF778E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF764E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77CE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF763E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF781E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77FE000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF766E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF788E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF775E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF785E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7428000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF768E000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF787E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79DE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF78E6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A26000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF79D6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7A36000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7906000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF79FE000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF78FE000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78F6000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7A06000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A0E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7996000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF79CE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A3E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A46000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7916000 C:\WINDOWS\system32\DRIVERS\point32.sys 20480 bytes (Microsoft Corporation, Point32.sys)
0xF79EE000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79F6000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF79E6000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF793E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA9419000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7A56000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF6FCA000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF6FE2000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7ADA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9645000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7343000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF6FEA000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7A4E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A52000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA98EE000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7347000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7B0E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF6FDE000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF733B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B16000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B88000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B42000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B9C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B86000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B3E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B8A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B8C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B7C000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B80000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B84000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B40000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CD7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D8C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C2B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C06000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
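
The RootkitUnhooker procedure in the previous reply and the report posted above both hinge on the SSDT and Shadow sections: each line says a kernel service's dispatch address was changed from its original location inside ntkrnlpa.exe or win32k.sys to a new target, and "[Unknown module filename]" means RkU could not find that target inside any loaded driver image. The script below is an added example, not code from the thread or from the RkU tool. It parses the report format shown on the page, collects the driver base/size list, and checks for every hook whether the target address lands inside a listed image or outside all of them (typically allocated pool, which is how both security products and rootkits place their hooks). The sample excerpt is constructed from lines in the report; the NtLoadDriver line with a target inside tmcomm.sys is invented purely to exercise the attribution path and says nothing about which product owns the hooks on the poster's machine.

```python
"""Attribute RootkitUnhooker (RkU) SSDT / Shadow hooks to loaded driver images.

Added example, not part of the original thread. Assumes the line shapes seen
in the report above: ">Section" headers, "=====" separators, hook lines of the
form "image-->Func, Type: Address change 0xORIG-->TARGET [module]" and driver
lines of the form "0xBASE path SIZE bytes (vendor, description)".
"""
import re

# Constructed excerpt modelled on the report in the thread. The NtLoadDriver
# line has an invented target (A90BE000) so that one hook resolves to tmcomm.sys.
SAMPLE_REPORT = r"""
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061ACEC-->8656F6A0 [Unknown module filename]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x8057969A-->A90BE000 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8578AB-->864DAB40 [Unknown module filename]
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA90BD000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
==============================================
"""

HOOK_RE = re.compile(
    r"^(?P<image>\S+)-->(?P<func>\w+), Type: Address change "
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) \[(?P<module>[^\]]*)\]$"
)
DRIVER_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]+) (?P<name>.+?) (?P<size>\d+) bytes")


def split_sections(report):
    """Return {section name: [entry lines]} keyed by the '>Name' headers."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.rstrip()
        if line.startswith(">"):
            current = line[1:].strip()
            sections[current] = []
        elif current is not None and line and not line.startswith("="):
            sections[current].append(line)
    return sections


def parse_hooks(lines):
    """Hook entries as dicts with integer original and target addresses."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            hooks.append({"image": m["image"], "func": m["func"],
                          "orig": int(m["orig"], 16), "target": int(m["target"], 16),
                          "reported_module": m["module"]})
    return hooks


def parse_drivers(lines):
    """Driver images as dicts with [base, end) virtual address ranges."""
    drivers = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if m:
            base = int(m["base"], 16)
            drivers.append({"name": m["name"], "base": base, "end": base + int(m["size"])})
    return drivers


def owner_of(address, drivers):
    """Name of the first listed image whose range contains address, else None."""
    for d in drivers:
        if d["base"] <= address < d["end"]:
            return d["name"]
    return None


def attribute_hooks(report):
    """Every SSDT / Shadow hook with the driver image (if any) owning its target."""
    sections = split_sections(report)
    drivers = parse_drivers(sections.get("Drivers", []))
    results = []
    for section in ("SSDT State", "Shadow"):
        for hook in parse_hooks(sections.get(section, [])):
            hook["section"] = section
            hook["owner"] = owner_of(hook["target"], drivers)
            results.append(hook)
    return results


def summarize(report):
    """Counts plus the names of hooks whose target sits outside every image."""
    hooks = attribute_hooks(report)
    return {"hooks": len(hooks),
            "unattributed": [h["func"] for h in hooks if h["owner"] is None],
            "attributed": {h["func"]: h["owner"] for h in hooks if h["owner"]}}


if __name__ == "__main__":
    for h in attribute_hooks(SAMPLE_REPORT):
        print(f"{h['section']:<10} {h['image']}!{h['func']:<24} -> {h['target']:08X}  "
              f"owner={h['owner'] or 'none (pool / unlisted code)'}")
```

Run it against a full pasted report to see which hook targets resolve to a known image and which do not; an unattributed target is a lead to chase (dump the memory at that address, compare against the installed security product's drivers), not by itself proof of a rootkit, and the original addresses should always resolve back into ntkrnlpa.exe or win32k.sys.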
