BleepingComputer.com: For Boopme

Referred from here: http://www.bleepingcomputer.com/forums/topic347564.html ~ OB

Couldn't run the Gmer it keep causing the blue screen of death.




DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 16:19:16.09 on 25/09/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.44.1033.18.3454.1600 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uPolicies-explorer: New Value #1 =
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\ys7q1nht.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cyclingnews.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\programdata\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programdata\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 14896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\drivers\RTL85n86.sys [2009-3-22 354816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-24 23:27:10 0 d-----w- c:\users\sam\appdata\roaming\Raptr
2010-09-24 23:27:10 0 d-----w- c:\program files\Raptr
2010-09-24 23:25:19 0 d-----w- c:\program files\Vuze
2010-09-24 23:25:08 0 d-----w- c:\program files\Conduit
2010-09-24 20:03:16 65536 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TM.blf
2010-09-24 20:03:16 524288 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TMContainer00000000000000000002.regtrans-ms
2010-09-24 20:03:16 524288 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TMContainer00000000000000000001.regtrans-ms
2010-09-24 19:38:20 0 d-----w- c:\windows\$regcmp$
2010-09-22 10:41:46 0 d-----w- c:\programdata\PMB Files
2010-09-22 10:41:24 0 d-----w- c:\program files\GamersFirst
2010-09-20 12:35:07 0 d-----w- c:\program files\Sophos
2010-09-15 20:41:06 151552 ---ha-w- c:\program files\Cigarrette.exe
2010-09-15 20:41:06 151552 ---h--w- c:\windows\system\Cigarrette.exe
2010-09-15 20:41:06 151552 ---h--w- C:\Cigarrette.exe
2010-09-15 20:41:03 151552 ---h--w- c:\windows\Cigarrette.exe
2010-09-15 08:36:16 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:36:13 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:36:11 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:36:07 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-31 15:13:54 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-31 15:13:50 0 d-----w- c:\programdata\id Software
2010-08-27 17:05:56 65536 --sha-w- c:\users\sam\ntuser.dat{b92306fa-b1e8-11df-89c1-001fe2095deb}.TM.blf
2010-08-27 17:05:56 524288 --sha-w- c:\users\sam\ntuser.dat{b92306fa-b1e8-11df-89c1-001fe2095deb}.TMContainer00000000000000000002.regtrans-ms
2010-08-27 17:05:56 524288 --sha-w- c:\users\sam\ntuser.dat{b92306fa-b1e8-11df-89c1-001fe2095deb}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-09-25 15:14:40 99 ----a-w- c:\users\sam\jagex_runescape_preferences2.dat
2010-09-25 14:38:13 40 ----a-w- c:\users\sam\jagex__preferences3.dat
2010-09-25 14:35:03 69 ----a-w- c:\users\sam\jagex_runescape_preferences.dat
2010-08-31 15:24:20 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-31 15:24:06 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-31 15:13:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-22 21:43:15 139152 ----a-w- c:\users\sam\appdata\roaming\PnkBstrK.sys
2010-08-14 20:11:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-08 20:17:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-08 20:17:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-08 20:17:27 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-08 20:16:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-29 03:33:33 136896 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-28 17:23:36 3154920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-07-28 17:23:36 1829992 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-07-28 17:23:24 64616 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-07-28 17:23:24 367208 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-07-28 17:23:24 3604584 ----a-w- c:\windows\system32\RtkAPO.dll
2010-07-28 17:23:02 371816 ----a-w- c:\windows\system32\RCoRes.dat
2010-07-27 12:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-22 15:48:38 214352 ----a-w- c:\windows\system32\SFNHK.dll
2010-07-22 15:48:32 68944 ----a-w- c:\windows\system32\SFAPO.dll
2010-07-22 15:48:26 74064 ----a-w- c:\windows\system32\SFCOM.dll
2010-07-22 15:37:26 175200 ----a-w- c:\windows\system32\AERTACap.dll
2010-07-06 10:48:32 1327104 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2010-07-01 12:43:30 104160 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2010-07-01 12:43:28 104672 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2010-07-01 12:43:24 104672 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2010-06-27 16:15:00 252928 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2009-10-28 21:27:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-21 16:11:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-02-21 16:11:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-02-21 16:11:33 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-06-12 22:57:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 22:57:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 22:57:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 22:57:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-06-04 09:14:37 16384 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2008-04-21 14:46:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:19:40.97 ===============

This post has been edited by Orange Blossom: 27 September 2010 - 02:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

1. Do not run any other tool untill instructed to do so!
2. Please Do not Attach logs or put in code boxes.
3. Tell me about any problems that have occurred during the fix.
4. Tell me of any other symptoms you may be having as these can help also.
5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:


Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

• Double-Click on dds.scr and a command window will appear. This is normal.
• Shortly after two logs will appear:
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

• Please Download Rootkit Unhooker Save it to your desktop.
• Now double-click on RKUnhookerLE.exe to run it.
• Click the Report tab, then click Scan.
• Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
• Wait till the scanner has finished and then click File, Save Report.
• Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:

In your next post I need the following

1.logs from DDS
2.log from RKUnHooker
3.let me know of any problems you may have had

Gringo

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sam at 16:28:53.61 on 01/10/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.44.1033.18.3454.2285 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\ProgramData\Mozilla Firefox\plugin-container.exe
C:\Users\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewContextMenu = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\sam\appdata\roaming\mozilla\firefox\profiles\ys7q1nht.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cyclingnews.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\programdata\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programdata\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programdata\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programdata\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programdata\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programdata\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programdata\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programdata\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programdata\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programdata\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programdata\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 14896]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-16 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\drivers\RTL85n86.sys [2009-3-22 354816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-01 15:21:36 20 ----a-w- c:\users\sam\defogger_reenable
2010-09-30 11:50:37 0 d-----w- c:\windows\OvtCam
2010-09-30 11:48:00 61440 ----a-w- c:\windows\ov519dib.dll
2010-09-30 11:48:00 40960 ----a-w- c:\windows\system32\ov519ext.dll
2010-09-30 11:48:00 40960 ----a-w- c:\windows\CleanDev.exe
2010-09-30 11:48:00 32528 ----a-w- c:\windows\amcap.exe
2010-09-30 11:48:00 307200 ----a-w- c:\windows\vidcap32.exe
2010-09-30 11:48:00 25211 ----a-w- c:\windows\system32\drivers\ov519cmd.sys
2010-09-30 11:48:00 25099 ----a-w- c:\windows\system32\ov519ext.ax
2010-09-30 11:48:00 200704 ----a-w- c:\windows\sel3110.exe
2010-09-30 11:48:00 174530 ----a-w- c:\windows\system32\drivers\ov519vid.sys
2010-09-30 11:48:00 16426 ----a-w- c:\windows\system32\ov519usd.dll
2010-09-30 11:48:00 135168 ----a-w- c:\windows\ov519cap.exe
2010-09-29 23:51:47 0 d-----w- c:\program files\NirSoft
2010-09-29 22:00:29 0 d-----w- c:\program files\MozBackup
2010-09-29 11:53:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 23:27:10 0 d-----w- c:\users\sam\appdata\roaming\Raptr
2010-09-24 23:27:10 0 d-----w- c:\program files\Raptr
2010-09-24 23:25:19 0 d-----w- c:\program files\Vuze
2010-09-24 23:25:08 0 d-----w- c:\program files\Conduit
2010-09-24 20:03:16 65536 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TM.blf
2010-09-24 20:03:16 524288 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TMContainer00000000000000000002.regtrans-ms
2010-09-24 20:03:16 524288 --sha-w- c:\users\sam\ntuser.dat{29ec6ec9-c7c5-11df-aae6-001fe2095deb}.TMContainer00000000000000000001.regtrans-ms
2010-09-24 19:38:20 0 d-----w- c:\windows\$regcmp$
2010-09-22 10:41:46 0 d-----w- c:\programdata\PMB Files
2010-09-22 10:41:24 0 d-----w- c:\program files\GamersFirst
2010-09-15 08:36:16 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:36:13 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:36:11 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:36:07 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-10-01 15:21:12 69 ----a-w- c:\users\sam\jagex_runescape_preferences.dat
2010-10-01 15:21:12 40 ----a-w- c:\users\sam\jagex__preferences3.dat
2010-10-01 15:19:41 99 ----a-w- c:\users\sam\jagex_runescape_preferences2.dat
2010-09-30 11:50:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-30 11:50:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-30 11:50:30 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-31 15:24:20 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-31 15:24:06 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-31 15:13:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-31 15:13:54 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-22 21:43:15 139152 ----a-w- c:\users\sam\appdata\roaming\PnkBstrK.sys
2010-08-14 20:11:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-08 20:16:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-29 03:33:33 136896 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-28 17:23:36 1829992 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-07-28 17:23:24 64616 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-07-28 17:23:24 367208 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-07-28 17:23:24 3604584 ----a-w- c:\windows\system32\RtkAPO.dll
2010-07-28 17:23:02 371816 ----a-w- c:\windows\system32\RCoRes.dat
2010-07-27 12:54:00 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-22 15:48:38 214352 ----a-w- c:\windows\system32\SFNHK.dll
2010-07-22 15:48:32 68944 ----a-w- c:\windows\system32\SFAPO.dll
2010-07-22 15:48:26 74064 ----a-w- c:\windows\system32\SFCOM.dll
2010-07-22 15:37:26 175200 ----a-w- c:\windows\system32\AERTACap.dll
2010-07-06 10:48:32 1327104 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2009-10-28 21:27:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-02-21 16:11:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-02-21 16:11:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-02-21 16:11:33 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-06-12 22:57:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 22:57:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 22:57:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 22:57:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-06-04 09:14:37 16384 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2008-04-21 14:46:25 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:30:37.08 ===============




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x91002000 C:\Windows\system32\DRIVERS\atikmdag.sys 5320704 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82248000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82248000 PnpManager 3903488 bytes
0x82248000 RAW 3903488 bytes
0x82248000 WMIxWDM 3903488 bytes
0x91C0D000 C:\Windows\system32\drivers\RTKVHDA.sys 3149824 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9A6A0000 Win32k 2109440 bytes
0x9A6A0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B405000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82C01000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x82E07000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80470000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9DE02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9C605000 C:\Windows\system32\DRIVERS\eamon.sys 770048 bytes (ESET, Amon monitor)
0x9C6E4000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x91515000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9180E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80550000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x80780000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x81413000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x81583000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x806A9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x92681000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8060D000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x82FAA000 C:\Windows\system32\DRIVERS\Rtlh86.sys 270336 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x8042F000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x82F0C000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82D72000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9275A000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82D37000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8150B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B515000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x82DB0000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82215000 ACPI_HAL 208896 bytes
0x82215000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8073E000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x926C9000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x91900000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B5CF000 C:\Windows\system32\DRIVERS\ahcix86s.sys 188416 bytes (ATI Technologies Inc., ATI Technology AHCI Compatible Controller Driver for Windows family)
0x927CE000 C:\Windows\System32\Drivers\dump_ahcix86s.sys 188416 bytes
0x91F0E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82D0C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x919D4000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C7C2000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9261F000 C:\Windows\System32\Drivers\ov519vid.sys 167936 bytes (OmniVision Technologies, Inc., Dual Mode USB Camera 519 Stream Class Mini Driver)
0x8B565000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80664000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8155C000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x91F3B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9C6C1000 C:\Windows\system32\DRIVERS\epfw.sys 143360 bytes (ESET, ESET Personal Firewall driver)
0x9195C000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x92732000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8B59D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x814CB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x91FB0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x814EC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80720000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9C794000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x91F77000 C:\Windows\system32\DRIVERS\ehdrv.sys 118784 bytes (ESET, ESET Helper driver)
0x81480000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82EF1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x82F66000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9189B000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x8149D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x915C2000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x81544000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x918BF000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x927A0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9193A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92608000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9DEF6000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x926FB000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x805D9000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x814B6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x919A2000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9198E000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9266D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x918D7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x81400000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9271F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9265B000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x8B58C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x82FEC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80416000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x80770000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91FDA000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9C7B2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80708000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x919B7000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x82F57000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B556000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82F9B000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9197F000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x915E4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9A8E0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x815D8000 C:\Windows\system32\DRIVERS\epfwwfp.sys 57344 bytes (ESET, ESET Personal Firewall driver)
0x92711000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x82DE5000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FA000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x927B7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92648000 C:\Windows\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x915F3000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805CC000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9DEEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91FA4000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x915B6000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x918F5000 C:\Windows\system32\DRIVERS\Epfwndis.sys 45056 bytes (ESET, ESET Personal Firewall NDIS filter)
0x918EA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x919C7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x91C00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91951000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9192F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x927C4000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x82F4D000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x91800000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9C7EC000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x92796000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9DEE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x918B5000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x915DA000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8B5C6000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91F60000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x91FD1000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9DF12000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82DF3000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9A8C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x82F92000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80653000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80718000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8B5BE000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x80427000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x91F94000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8065C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91FEC000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x91FF4000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B54E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x806F3000 C:\Windows\system32\DRIVERS\amdide.sys 28672 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0x91F70000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91F9D000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040F000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91F69000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x815D1000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x92655000 C:\Windows\System32\Drivers\ov519cmd.sys 24576 bytes (OmniVision Technologies Inc., Dual Mode USB Camera 519 Universal Serial Bus Camera Driver)
0x92754000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9DF0E000 C:\Windows\system32\drivers\MSPCLOCK.sys 8192 bytes (Microsoft Corporation, MS Proxy Clock)
0x9DF0C000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x9DF10000 C:\Windows\system32\DRIVERS\psi_mf.sys 8192 bytes (Secunia, Secunia PSI Driver)
0x919D2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91FEA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x87A8CF53 Unknown page with executable code, 173 bytes
0x879832D0 Unknown page with executable code, 3376 bytes
0x87985E44 Unknown page with executable code, 444 bytes
0x8798DD66 Unknown page with executable code, 666 bytes

The problem is i cant right click on my Desktop. The icons nor can i right click my C drive or right click a file and re-name it. Right clicking My computer, properties nothing comes up.

This post has been edited by samuel3: 01 October 2010 - 10:39 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

ComboFix 10-10-01.07 - Sam 02/10/2010 17:09:47.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3454.2404 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sam\AppData\Roaming\ezpinst.log
c:\users\Sam\AppData\Roaming\inst.exe
c:\users\Sam\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.ComfyCakesSave-ms.pif

.
((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-09-30 11:50 . 2010-09-30 11:50 -------- d-----w- c:\windows\OvtCam
2010-09-30 11:48 . 2003-10-15 16:52 307200 ----a-w- c:\windows\vidcap32.exe
2010-09-30 11:48 . 2003-10-15 16:52 200704 ----a-w- c:\windows\sel3110.exe
2010-09-30 11:48 . 2003-10-15 16:52 174530 ----a-w- c:\windows\system32\drivers\ov519vid.sys
2010-09-30 11:48 . 2003-10-15 16:52 16426 ----a-w- c:\windows\system32\ov519usd.dll
2010-09-30 11:48 . 2003-10-15 16:52 61440 ----a-w- c:\windows\ov519dib.dll
2010-09-30 11:48 . 2003-10-15 16:52 40960 ----a-w- c:\windows\system32\ov519ext.dll
2010-09-30 11:48 . 2003-10-15 16:52 25211 ----a-w- c:\windows\system32\drivers\ov519cmd.sys
2010-09-30 11:48 . 2003-10-15 16:52 135168 ----a-w- c:\windows\ov519cap.exe
2010-09-30 11:48 . 2003-10-15 16:52 40960 ----a-w- c:\windows\CleanDev.exe
2010-09-30 11:48 . 2003-10-15 16:52 32528 ----a-w- c:\windows\amcap.exe
2010-09-29 23:51 . 2010-09-29 23:51 -------- d-----w- c:\program files\NirSoft
2010-09-29 11:53 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-26 15:06 . 2010-09-26 15:06 92280 ----a-w- c:\users\Sam\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll
2010-09-25 10:44 . 2010-09-25 10:44 310208 ----a-w- c:\users\Sam\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-24 23:27 . 2010-09-24 23:33 -------- d-----w- c:\users\Sam\AppData\Roaming\Raptr
2010-09-24 23:27 . 2010-09-24 23:32 -------- d-----w- c:\program files\Raptr
2010-09-24 23:25 . 2010-09-24 23:25 -------- d-----w- c:\program files\Vuze
2010-09-24 23:25 . 2010-09-24 23:25 -------- d-----w- c:\program files\Conduit
2010-09-24 19:38 . 2010-09-24 19:47 -------- d-----w- c:\windows\$regcmp$
2010-09-22 10:41 . 2010-09-24 11:00 -------- d-----w- c:\users\Sam\AppData\Local\PMB Files
2010-09-22 10:41 . 2010-09-22 10:47 -------- d-----w- c:\programdata\PMB Files
2010-09-22 10:41 . 2010-09-22 10:41 238776 ----a-w- c:\programdata\Mozilla Firefox\plugins\npPandoWebInst.dll
2010-09-22 10:41 . 2010-09-23 20:16 -------- d-----w- c:\program files\GamersFirst
2010-09-15 08:36 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 08:36 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 08:36 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 08:36 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-06 19:29 . 2010-09-08 05:38 -------- d-----w- c:\users\Sam\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 16:08 . 2010-01-31 16:00 -------- d-----w- c:\users\Sam\AppData\Roaming\Skype
2010-10-02 16:05 . 2010-03-24 17:42 40 ----a-w- c:\users\Sam\jagex__preferences3.dat
2010-10-02 16:05 . 2008-11-08 02:42 69 ----a-w- c:\users\Sam\jagex_runescape_preferences.dat
2010-10-02 16:05 . 2009-09-02 13:05 99 ----a-w- c:\users\Sam\jagex_runescape_preferences2.dat
2010-10-02 16:03 . 2008-11-08 00:19 -------- d-----w- c:\users\Sam\AppData\Roaming\mIRC
2010-10-02 15:54 . 2008-11-08 01:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-02 14:48 . 2008-11-08 00:19 -------- d-----w- c:\program files\mIRC
2010-10-01 20:50 . 2008-11-08 00:20 -------- d-----w- c:\program files\CCleaner
2010-10-01 15:21 . 2010-06-23 11:11 -------- d-----w- c:\programdata\Mozilla Firefox
2010-09-30 11:50 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-30 11:50 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-30 11:50 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-30 11:21 . 2010-05-10 15:24 63488 ----a-w- c:\users\Sam\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-30 11:21 . 2009-07-18 16:42 117760 ----a-w- c:\users\Sam\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-30 11:20 . 2009-05-14 15:28 -------- d-----w- c:\program files\SpywareBlaster
2010-09-29 19:04 . 2010-07-15 16:13 1 ----a-w- c:\users\Sam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-29 15:53 . 2008-11-08 17:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 20:03 . 2009-04-13 17:50 -------- d-----w- c:\users\Sam\AppData\Roaming\Spotify
2010-09-26 15:25 . 2009-04-04 18:23 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-26 15:06 . 2009-04-04 18:23 -------- d-----w- c:\users\Sam\AppData\Roaming\SystemRequirementsLab
2010-09-25 15:21 . 2009-06-12 19:22 -------- d-----w- c:\users\Sam\AppData\Roaming\Azureus
2010-09-25 09:30 . 2010-06-10 14:53 -------- d-----w- c:\program files\uTorrent
2010-09-24 23:26 . 2009-11-12 17:37 -------- d-----w- c:\users\Sam\AppData\Roaming\uTorrent
2010-09-15 20:52 . 2009-07-18 16:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 08:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-31 15:24 . 2010-08-22 20:04 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-31 15:24 . 2010-08-22 20:04 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-31 15:13 . 2010-08-22 20:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-31 15:13 . 2010-08-31 15:13 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-31 15:13 . 2010-08-31 15:13 -------- d-----w- c:\programdata\id Software
2010-08-22 21:43 . 2009-07-03 22:28 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2010-08-22 21:43 . 2009-07-03 22:28 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2010-08-22 19:44 . 2010-08-22 19:44 -------- d-----w- c:\program files\USArmy
2010-08-22 13:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-21 13:59 . 2010-08-21 13:59 680 ----a-w- c:\users\Sam 3\AppData\Local\d3d9caps.dat
2010-08-20 18:29 . 2010-08-20 18:29 -------- d-----w- c:\programdata\Nexon
2010-08-20 18:29 . 2010-08-20 17:27 -------- d-----w- c:\programdata\NexonEU
2010-08-20 17:27 . 2010-08-20 17:27 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-08-20 17:27 . 2010-08-20 17:27 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-08-20 17:27 . 2010-08-20 17:27 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2010-08-20 17:27 . 2010-08-20 17:27 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2010-08-20 17:27 . 2010-08-20 17:27 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2010-08-20 17:27 . 2010-08-20 17:27 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2010-08-14 20:12 . 2010-08-14 20:12 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 20:11 . 2010-08-14 20:11 423656 ----a-w- c:\programdata\Mozilla Firefox\plugins\npdeployJava1.dll
2010-08-14 20:11 . 2010-05-12 11:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-14 20:11 . 2010-08-14 20:11 -------- d-----w- c:\program files\Java
2010-08-13 06:03 . 2010-08-13 06:03 103864 ----a-w- c:\programdata\Mozilla Firefox\plugins\nppdf32.dll
2010-08-11 18:59 . 2008-06-17 16:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 17:54 . 2010-02-25 20:59 -------- d--h--w- c:\users\Sam\AppData\Roaming\ijjigame
2010-08-11 17:03 . 2010-08-11 17:03 1185635440 ----a-w- c:\users\Sam\AppData\Roaming\ijjigame\U_Karma_Setup.exe
2010-08-08 20:19 . 2010-07-05 21:53 -------- d--h--w- c:\program files\Temp
2010-08-08 20:16 . 2008-06-17 16:20 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-15 16:32 . 2008-06-07 10:10 75224 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 10:48 . 2010-08-08 20:16 1327104 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2008-04-21 14:46 . 2008-04-21 14:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 12:30 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\users\Sam\AppData\Local\Temp\DAJ5314.tmp [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{B57A7C02-C00E-4785-9688-C77053FF0FEB}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ys7q1nht.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cyclingnews.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\programdata\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programdata\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programdata\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 17:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Sam\AppData\Local\Temp\DAJ5314.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\386D.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{82725587-6e2c-4596-b0b9-766834f70068}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b00173f
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d308db8f-ad6d-4add-a3bd-51a2b29ddfad}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001c25
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d94c3482-a7e3-433a-a50a-e18ee22a17fd}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1000173f
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fe6a99c7-ef44-4513-b18c-b760ae63941a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
.
Completion time: 2010-10-02 17:19:01
ComboFix-quarantined-files.txt 2010-10-02 16:18

Pre-Run: 240,841,003,008 bytes free
Post-Run: 240,844,328,960 bytes free

- - End Of File - - F92C056065E797C1A420758C15041670

I can now right click normally.

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

Clear your Java Cache

• click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program.
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM

• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

In your next post I need the following

1. Log From MBAM
2. report from Hijackthis
3. let me know of any problems you may have had
4. How is the computer doing now?

Gringo

HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:25:00, on 02/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\ProgramData\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

--
End of file - 3353 bytes



MBRAM - Will do this tomorrow only have 5 minutes left.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4734

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

02/10/2010 23:29:25
mbam-log-2010-10-02 (23-29-25).txt

Scan type: Quick scan
Objects scanned: 148817
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello

looks very good


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  • Click Start
• When asked, allow the activex control to install
  • Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a98b21113bb62946958dcdbded44feca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-03 04:43:14
# local_time=2010-10-03 05:43:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=256 16777215 100 0 0 0 0 0
# compatibility_mode=512 16777215 100 0 62477 62477 0 0
# compatibility_mode=5892 16776573 100 100 99340 123653440 0 0
# compatibility_mode=8201 39157181 100 97 16472 43808648 0 0
# scanned=115957
# found=0
# cleaned=0
# scan_time=3482
# nod_component=V3 Build:0x30000000

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

• turn off all active protection software
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• please copy and past the following into the box ComboFix /Uninstall and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
• 

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:

• Go to Start > All Programs > Accessories > System Tools > System Restore
• Select Create a restore point, and Ok it.
• Next, go to Start > Run and type in cleanmgr
• choose your root drive (normally C:)
• after it calculates how much space you will save it will open up a new window
• Select the More options tab at the top of the window
• Choose the option to clean up system restore and OK it.
• go back to the disk clean up tab
• put a checkmark in all - except compress old files (leave this unchecked)
• click Ok then click yes

This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialise and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox

:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
• Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

please read this great article by miekiemoes How to prevent Malware:

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

I could not do this -

Select Create a restore point, and Ok it

Its different on Vista.

[/URL]

Ok.. I do have another computer do i need to make a new post? This i think is also infected.

I have DDS log, Attach and Report from RKUnhookerLe.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bobby at 22:56:07.93 on 03/10/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1942 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
c:\program files\teamviewer\version5\TeamViewer_Desktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bobby\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100921221001.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\bobby\appdata\local\micros~1\windows\tempor~1\content.ie5\rq693mpv\sights~1.sh! c:\users\bobby\appdata\local\micros~1\windows\tempor~1\content.ie5\grmb7zna\SIGHTS~2.SH!
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Free YouTube Download - c:\users\bobby\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\bobby\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - hxxp://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\bobby\appdata\roaming\mozilla\firefox\profiles\g3601xe8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-21 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-21 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-21 164808]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-9-18 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-21 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-21 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-21 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-21 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-21 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-21 141792]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-10-3 1960744]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-21 55840]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-18 203264]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-5 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-21 312904]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 14896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-21 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-5 40552]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-03 21:55:00 0 ----a-w- c:\users\bobby\defogger_reenable
2010-09-29 05:40:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 10:12:02 0 d-----w- c:\program files\iPod
2010-09-28 10:12:00 0 d-----w- c:\program files\iTunes
2010-09-28 10:07:06 0 d-----w- c:\program files\Bonjour
2010-09-21 21:10:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-21 21:09:58 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-09-21 21:09:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-21 21:09:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-21 21:09:57 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-21 21:09:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-21 21:09:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-21 21:09:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-21 21:09:57 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-21 21:09:54 0 d-----w- c:\program files\common files\Mcafee
2010-09-21 21:09:53 0 d-----w- c:\program files\McAfee.com
2010-09-21 21:09:51 0 d-----w- c:\program files\McAfee
2010-09-19 15:53:05 0 d-----w- c:\users\bobby\appdata\roaming\DVDVideoSoft
2010-09-15 06:50:10 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 06:50:08 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 06:50:05 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 06:49:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-09 22:39:14 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-09-21 21:10:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-21 21:10:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-21 21:10:29 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-24 13:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-18 16:20:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-18 08:52:17 76 --sh--r- c:\windows\CT4CET.bin
2010-04-30 08:42:05 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-04-30 08:42:05 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-04-30 08:42:05 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-09-18 17:14:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:58:25.67 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F403000 C:\Windows\system32\DRIVERS\atikmdag.sys 5042176 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x8244C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8244C000 PnpManager 3903488 bytes
0x8244C000 RAW 3903488 bytes
0x8244C000 WMIxWDM 3903488 bytes
0x952A0000 Win32k 2109440 bytes
0x952A0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E803000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1220608 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8A805000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A67A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8068D000 PCI_PNP2455 995328 bytes
0x8068D000 sptd 995328 bytes
0x8068D000 C:\Windows\System32\Drivers\spyj.sys 995328 bytes
0x8FE09000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9AC9D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x900E4000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x82A69000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8EA0B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F8D2000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EAE8000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80604000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A609000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80407000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9A256000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8FA93000 C:\Windows\system32\DRIVERS\stwrt.sys 401408 bytes (IDT, Inc., IDT PC Audio)
0x82B72000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x8F006000 C:\Windows\system32\DRIVERS\itecir.sys 364544 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0x8EB75000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x9AC0F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9008C000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x82A0F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FF91000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x807AF000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8FB41000 C:\Windows\system32\DRIVERS\OA001Vid.sys 282624 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F0D3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8FA02000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8F98A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9000B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A7B0000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9A34E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A915000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E92D000 C:\Windows\system32\DRIVERS\k57nd60x.sys 217088 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x8EBC7000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82419000 ACPI_HAL 208896 bytes
0x82419000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9A3C6000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82B30000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FF5F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F0A4000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E9D2000 C:\Windows\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8FA41000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A785000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F1AE000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9A20F000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9AC75000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A965000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8FF0E000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x805B1000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9A39F000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x80789000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8FA6E000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90068000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8F141000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A99D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9A30E000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8FB86000 C:\Windows\system32\DRIVERS\OA001Ufd.sys 135168 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x8FBCA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9A32F000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x901DF000 C:\Windows\system32\DRIVERS\irda.sys 122880 bytes (Microsoft Corporation, IRDA Protocol Driver)
0x9A2C3000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8FEF3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x901C4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8E980000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9A2E0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F06A000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9A387000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90051000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F11F000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FB28000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9ADD8000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9AC5D000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8FFD9000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FF35000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9A2F9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F187000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F173000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E9AB000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8FF4B000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8E9BF000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9A243000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x82BCF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A98C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8A9D4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8E99A000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x82B62000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FB00000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8EABB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82A59000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E962000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8F19C000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8F095000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x901B5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A956000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x805D8000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8F164000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F9C8000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x805F1000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E972000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x954E0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F1D8000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8FFEF000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x8A7EB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A9E5000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x900D7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F1F0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80680000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9ADB5000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x9AD85000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9ADCC000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8FBBE000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F973000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8FAF5000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8F05F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9AD91000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8F9D7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8EA00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F136000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F114000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x9ADC1000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8EAD4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F97F000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x805E7000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x901AB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F1E6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9A239000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90047000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AD7B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A9BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FBA7000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8FB17000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9ADA6000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F9F6000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x954C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8EADF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F08C000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x80780000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8FB20000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807F5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FBEB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FBF3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A94E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8FBB7000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8FB10000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80400000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8FBB0000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8F082000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F088000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x807FD000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9ADA4000 C:\Windows\system32\drivers\MSPCLOCK.sys 8192 bytes (Microsoft Corporation, MS Proxy Clock)
0x9ADA2000 C:\Windows\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0x9AD9C000 C:\Windows\system32\DRIVERS\psi_mf.sys 8192 bytes (Secunia, Secunia PSI Driver)
0x8F1AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8FB3F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x859271F8 unknown_irp_handler 3592 bytes
0x8931E1F8 unknown_irp_handler 3592 bytes
0x885C11F8 unknown_irp_handler 3592 bytes
0x874731F8 unknown_irp_handler 3592 bytes
0x8712D1F8 unknown_irp_handler 3592 bytes
0x84B601F8 unknown_irp_handler 3592 bytes
0x87AAA3E0 unknown_irp_handler 3104 bytes
0x873A9500 unknown_irp_handler 2816 bytes
0x87474500 unknown_irp_handler 2816 bytes
0x88D97500 unknown_irp_handler 2816 bytes
0x89191500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x06110000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 102400 bytes
0x002C0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 110592 bytes
0x01BA0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 110592 bytes
0x06C10000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 126976 bytes
0x06AE0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 143360 bytes
0x07830000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 1519616 bytes
0x07DE0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 159744 bytes
0x07690000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 1691648 bytes
0x06140000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 208896 bytes
0x07060000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 225280 bytes
0x04350000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 266240 bytes
0x01C40000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x8975F938 ] PID: 3792, 28672 bytes
0x00960000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 28672 bytes
0x00B60000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 28672 bytes
0x02B70000 Hidden Image-->NetLib.dll [ EPROCESS 0x89661830 ] PID: 1100, 28672 bytes
0x01710000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01730000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01DB0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01CB0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01D30000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01D00000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01D20000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01D70000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01D60000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x01DA0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04E20000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04E00000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04E40000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04E30000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04E50000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x04F90000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x050E0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x050D0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x05120000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x05280000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x058F0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x05E30000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x05F30000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06040000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06070000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06190000 Hidden Image-->atixclib.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06980000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06770000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x069B0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 28672 bytes
0x06720000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 315392 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x07110000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 364544 bytes
0x01D30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 36864 bytes
0x01BD0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x01CF0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x01D10000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x043F0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x05260000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x05300000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x05440000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x056A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x05CF0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x06050000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 36864 bytes
0x07310000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 413696 bytes
0x079B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 413696 bytes
0x070A0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 446464 bytes
0x01C20000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x8975F938 ] PID: 3792, 45056 bytes
0x00920000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 45056 bytes
0x00950000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 45056 bytes
0x00AA0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x01700000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x01770000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x01CC0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x05270000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x05290000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x05430000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x05690000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 45056 bytes
0x07B30000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 454656 bytes
0x07600000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 487424 bytes
0x06080000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 495616 bytes
0x05E90000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 503808 bytes
0x01D10000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 53248 bytes
0x01C80000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x01CD0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x01CA0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x01D40000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x01D80000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x05240000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x052E0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x05450000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x058E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x05F20000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x05CC0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x06060000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x06180000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 53248 bytes
0x07BA0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 593920 bytes
0x01720000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x043E0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x05460000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x05A30000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x05A60000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x05E20000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 61440 bytes
0x00A90000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89721A80 ] PID: 3800, 69632 bytes
0x01740000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 69632 bytes
0x056C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 69632 bytes
0x05A10000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 69632 bytes
0x01680000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x8975F938 ] PID: 3792, 77824 bytes
0x04F60000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 77824 bytes
0x050F0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 77824 bytes
0x052C0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 77824 bytes
0x07D10000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 815104 bytes
0x01C60000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 86016 bytes
0x052A0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 86016 bytes
0x05A80000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 86016 bytes
0x06990000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x891A5020 ] PID: 4208, 86016 bytes