I performed a clean using Microsoft Forefront and removed a few Trojans and other bugs. ComboFix and RKUnhooker indicate that a rootkit was detected. Forefront sees nothing. When I start Internet Explorer and go from Google to another web site, a pop-up window appears with a "you won a computer" message.
Here are the log files:
************************************************************************************
-ComboFix report:
ComboFix 11-05-19.01 - oatitov 05/20/2011 9:07.8.2 - x86
Microsoft® Windows Vista Enterprise 6.0.6002.2.1252.1.1033.18.3566.2647 [GMT -4:00]
Running from: c:\users\oatitov\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 13:17 . 2011-05-20 13:18 -------- d-----w- c:\users\oatitov\AppData\Local\temp
2011-05-19 20:34 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\mpengine.dll
2011-05-19 12:03 . 2011-05-19 12:03 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-05-19 12:03 . 2011-05-19 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-05-19 12:03 . 2011-05-19 12:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\IBM
2011-05-18 14:42 . 2011-05-18 14:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-05-18 13:26 . 2011-05-20 13:04 886008 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-05 15:27 . 2011-05-05 15:27 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8192656E-4E31-4330-B24B-3A03D179EB47}\gapaengine.dll
2011-05-05 15:27 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-05 06:01 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-05-05 06:00 . 2011-05-05 06:02 -------- d--h--w- c:\program files\Microsoft Security Client
2011-05-05 06:00 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-05-05 00:39 . 2011-04-11 07:04 7071056 ---ha-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{8AAB3B50-F865-4C60-9386-EAC3728E4389}\mpengine.dll
2011-04-27 09:00 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-21 09:16 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-21 09:16 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-21 09:16 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-21 09:16 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-21 09:16 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 09:16 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-21 09:16 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-21 09:16 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-21 09:15 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-21 09:15 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-21 09:15 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-21 09:14 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-21 09:14 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-21 09:12 . 2011-02-18 14:49 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 09:11 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 09:11 . 2011-02-18 15:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 09:11 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-21 09:10 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-04-21 09:10 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-21 09:09 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-21 09:09 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-21 09:09 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-21 09:05 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2008-10-14 17:14 7071056 ---ha-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SoftGridTray"="c:\program files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2010-04-23 776552]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2011-03-07 5150560]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2006-12-04 20531]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-01-08 408088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-08 1310720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\oatitov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"MaxGPOScriptWait"= 2700 (0xa8c)
"Allow-LogonScript-NetbiosDisabled"= 1 (0x1)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1010966800-777871707-395339515-117246\Scripts\Logon\0\0]
"Script"=\\PCLINC.Network.ads\SysVol\PCLINC.Network.ads\scripts\PCLlogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1010966800-777871707-395339515-506810\Scripts\Logon\0\0]
"Script"=\\PCLINC.Network.ads\SysVol\PCLINC.Network.ads\scripts\PCLlogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1010966800-777871707-395339515-616085\Scripts\Logon\0\0]
"Script"=\\PCLINC.Network.ads\SysVol\PCLINC.Network.ads\scripts\PCLlogon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl59b4824f;MpKsl59b4824f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98B6D7AD-0E1A-4B8D-B0B4-2EBD93FA3FAE}\MpKsl59b4824f.sys [x]
R1 MpKsl915ac148;MpKsl915ac148;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1AD0E92B-3EC7-4349-8959-2FFFD63927A0}\MpKsl915ac148.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 810C0DDC;810C0DDC;c:\windows\system32\810C0DDC.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-04-21 14336]
R4 TPM12;NSC Integrated Trusted Platform Module 1.2;c:\windows\system32\DRIVERS\nsctpm12.sys [2005-04-21 13056]
S1 MpKsl786c9aa6;MpKsl786c9aa6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl786c9aa6.sys [2011-05-20 28752]
S2 sftlist;Application Virtualization Client;c:\program files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2010-04-23 428392]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2009-01-08 2525720]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 sftfs;sftfs;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys [2010-04-23 547176]
S3 sftplay;sftplay;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys [2010-04-23 184680]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 sftvol;sftvol;c:\program files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys [2010-04-23 14696]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2010-04-23 189288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL786C9AA6
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.pclconnects.com
mStart Page = hxxp://portal.pclconnects.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-20 09:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-20 09:21:17
ComboFix-quarantined-files.txt 2011-05-20 13:21
ComboFix2.txt 2011-05-20 12:51
ComboFix3.txt 2011-05-20 00:35
ComboFix4.txt 2011-05-19 23:59
ComboFix5.txt 2011-05-20 12:55
.
Pre-Run: 13,278,830,592 bytes free
Post-Run: 13,269,987,328 bytes free
.
- - End Of File - - 148B3E4E0051BC5B6C27A98DC9E06225
******************************************************************************************
-Unhooker:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86F8E3D8 [412] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x8720FD90 [424] C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation, Andrea filters APO access service (32-bit))
0x872373E0 [516] C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation, Displays state of Intel® Active Management Technology.)
0x86719D90 [544] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x84A36D90 [596] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x8494B200 [604] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87240B88 [608] C:\Program Files\Intel\AMT\LMS.exe (Intel, Local Manageability Service)
0x84A91D90 [636] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation, SQL Server Windows NT)
0x84A57710 [640] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x84A3ED90 [664] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x84A46D90 [672] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x84A73288 [700] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x84B30D90 [856] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84B2B8E0 [904] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 185.85)
0x84B4B020 [932] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84B67368 [980] C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation, Antimalware Service Executable)
0x84FF8668 [1132] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x84BEC778 [1156] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84E44D90 [1224] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84C10570 [1228] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84C20020 [1252] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8687BD90 [1280] C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation, Machine Debug Manager)
0x8710BB88 [1448] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85221408 [1516] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8712A020 [1572] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0x851D5510 [1620] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x84CDF778 [1632] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x870B6D90 [1724] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84C3DD90 [1904] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8719D820 [1932] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x872B8020 [1972] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8668F368 [2064] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8526C658 [2096] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x872B0C30 [2348] C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe (Microsoft Corporation, Microsoft Application Virtualization Virtual Service Agent)
0x872B28A8 [2364] C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation, SQL Browser Service EXE)
0x866CC588 [2392] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation, SQL Server VSS Writer)
0x872CD020 [2448] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87302578 [2520] C:\Program Files\Intel\AMT\UNS.exe (Intel, User Notification Service)
0x87315AD8 [2592] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87331298 [2632] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x87322BD8 [2676] C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation, CCM Executive)
0x85241778 [2696] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc., AcroTray)
0x8730F918 [2724] C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe (Microsoft Corporation, Microsoft Application Virtualization Client Service)
0x84914D90 [3052] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x874955A0 [3224] C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation, Microsoft Network Inspection System)
0x87440020 [3232] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x8741D598 [3372] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x8562CD90 [3432] C:\Users\oatitov\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x87445020 [3468] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x87596B20 [3584] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x87481548 [3644] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 185.85)
0x8515BD90 [3680] C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc., Program Neighborhood)
0x855C1B28 [3820] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x84F9F210 [3852] C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe (Microsoft Corporation, Microsoft Application Virtualization Desktop Configuration Controller)
0x8518CD90 [4112] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation, Microsoft Office Communicator 2007 R2)
0x8523ED90 [4180] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x87227720 [4196] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation, Displays state of Intel® Active Management Technology.)
0x853AAD90 [4348] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc., SMax4PNP)
0x853AA020 [4356] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation, Microsoft Security Client User Interface)
0x853AA848 [4364] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
0x853B0820 [4392] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0x852E6980 [4620] C:\Windows\System32\mobsync.exe (Microsoft Corporation, Microsoft Sync Center)
0x84B77D90 [4628] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x85883188 [4728] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x870CA020 [5232] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x8561A180 [5380] C:\Windows\System32\notepad.exe (Microsoft Corporation, Notepad)
0x848D8D90 [4] System
0x84C67488 [1380] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8F60F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9850880 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.85 )
0x81C52000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81C52000 PnpManager 3907584 bytes
0x81C52000 RAW 3907584 bytes
0x81C52000 WMIxWDM 3907584 bytes
0x9A4E0000 Win32k 2113536 bytes
0x9A4E0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x82608000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8227B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x82409000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x804CF000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA3E05000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x90CEA000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8252D000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9000E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA3EED000 C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftfslh.sys 573440 bytes (Microsoft Corporation, Microsoft Application Virtualization File System)
0x90416000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8220A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80405000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA320D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90538000 C:\Windows\system32\drivers\ADIHdAud.sys 401408 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x90C0C000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xA3387000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8072D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x908C8000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80691000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8048E000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x90181000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x805BF000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x90979000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8FFB1000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x823B1000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA330E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x82718000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x904F2000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xA3F79000 C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftplaylh.sys 212992 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0x81C1F000 ACPI_HAL 208896 bytes
0x81C1F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x90DBD000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x807C2000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90910000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x90152000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x9059A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82386000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x900AE000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x904B1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xC2408000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA335F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82768000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x90801000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x806E8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x905C7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8278F000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x825CD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x827C4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA32CE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9084B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA32EF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807A4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA3283000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x824F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90CC8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8FF8D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xA32A0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90122000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA3347000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x900F1000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x90C67000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x901CD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA33DD000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90942000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9089E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA32B9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x90401000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x823EC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x908B4000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9009B000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x90DAA000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90966000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x827B3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90C9E000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x90527000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80475000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805AF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90D9A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8078C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x9049F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x9013A000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x90CB9000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82759000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x901EF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F600000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9A720000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90958000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90887000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8077E000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90114000 C:\Windows\system32\drivers\tpm.sys 57344 bytes (Microsoft Corporation, TPM Device Driver)
0x90C7E000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x904E5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80684000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA3FDF000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0xA3FAD000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA3FD3000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x9083F000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FF76000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90C8B000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x90109000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x8FF82000 C:\Windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0x900E6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x900DB000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9087C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x901E4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x901C2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA3FC8000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8FFEC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x90CAF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x904DB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x909B5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA3EE3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8FFA7000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA327A000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x827E5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90828000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xC2460000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x90895000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA3FB9000 C:\Windows\system32\DRIVERS\Sftredirlh.sys 36864 bytes (Microsoft Corporation, Microsoft Application Virtualization SystemGuard)
0x9A700000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x90149000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8079C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80486000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90C96000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x806E0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9086C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90874000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x82751000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90838000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90831000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA33D6000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x80777000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x90CE3000 C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftvollh.sys 28672 bytes (Microsoft Corporation, Microsoft Application Virtualization Volume Manager)
0x909E3000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl0b29dac4.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909DD000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl331d9547.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909D7000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl3f81c7ce.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xA3FC2000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl44036560.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909D1000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl5ee0dbc0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909CB000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKsl84e59067.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909C5000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKslb6ce95de.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x909BF000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10DD13C6-32EF-450B-93ED-7AE52CCB2ACD}\MpKslfbcc4881.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xA3FEB000 C:\Windows\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
0x867E6000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8FF74000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 185.85 )
0x904AF000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x900D9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81CFA7AA-->81CFA7B1 [ntkrnlpa.exe]
[1252]svchost.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x75612671-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x756127D4-->00000000 [unknown_code_page]
[1252]svchost.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x75612995-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77985BF8-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77984B84-->00000000 [unknown_code_page]
[1252]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x779854C4-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x76B90B88-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->GetForegroundWindow, Type: Inline - RelativeJump 0x76B832C4-->00000000 [unknown_code_page]
[1252]svchost.exe-->user32.dll-->WindowFromPoint, Type: Inline - RelativeJump 0x76B7884F-->00000000 [unknown_code_page]
[1516]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1516]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[1516]explorer.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x75612671-->00000000 [unknown_code_page]
[1516]explorer.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x756127D4-->00000000 [unknown_code_page]
[1516]explorer.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x75612995-->00000000 [unknown_code_page]
[1516]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77985BF8-->00000000 [unknown_code_page]
[1516]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77984B84-->00000000 [unknown_code_page]
[1516]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x779854C4-->00000000 [unknown_code_page]
[1516]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[1516]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2364]sqlbrowser.exe-->mswsock.dll+0x00002671, Type: Inline - RelativeJump 0x75612671-->00000000 [unknown_code_page]
[2364]sqlbrowser.exe-->mswsock.dll+0x000027D4, Type: Inline - RelativeJump 0x756127D4-->00000000 [unknown_code_page]
[2364]sqlbrowser.exe-->mswsock.dll+0x00002995, Type: Inline - RelativeJump 0x75612995-->00000000 [unknown_code_page]
[2364]sqlbrowser.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77985BF8-->00000000 [unknown_code_page]
[2364]sqlbrowser.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77984B84-->00000000 [unknown_code_page]
[2364]sqlbrowser.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x779854C4-->00000000 [unknown_code_page]
[4112]communicator.exe-->user32.dll-->SetProcessDPIAware, Type: Inline - RelativeJump 0x76B7CBFA-->00000000 [communicator.exe]
**************************************************************************************************
Thank you,
Alex
This post has been edited by hamluis: 20 May 2011 - 09:38 AM
Reason for edit: Moved from Vista to Malware Removal Logs.
