
Topic: Malware Intruders?


theaftermath06 (Topic Starter)

    Malware Intruders?
    « on: October 16, 2010, 11:09:54 AM »
    Hey all, I have been having major problems and need some help, please.  I am running Vista on a laptop.  Here are the logs from everything, as I have done everything you have requested.  Thank you for any help you folks can give.  This is driving me nuts.  I don't know if this helps, but one of the main symptoms I am seeing, other than slowness, is that the internet connection keeps coming and going, but when I go into, say, Firefox it will start back up.  I then noticed Malwarebytes had errors updating and then errors just starting.  Anyway, here are the logs for each.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/16/2010 at 06:36 AM

    Application Version : 4.44.1000

    Core Rules Database Version : 5695
    Trace Rules Database Version: 3507

    Scan type       : Complete Scan
    Total Scan Time : 01:55:08

    Memory items scanned      : 588
    Memory threats detected   : 0
    Registry items scanned    : 7754
    Registry threats detected : 0
    File items scanned        : 162429
    File threats detected     : 28

    Adware.Tracking Cookie
       .atdmt.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .atdmt.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .divx.112.2o7.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .doubleclick.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .revsci.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .revsci.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .advertising.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .surveymonkey.122.2o7.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .revsci.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .revsci.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .revsci.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .microsoftsto.112.2o7.net [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       ads.neudesicmediagroup.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       ads.neudesicmediagroup.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       ads.neudesicmediagroup.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .tribalfusion.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .invitemedia.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .invitemedia.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .invitemedia.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .serving-sys.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
       .serving-sys.com [ C:\Users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\cookies.sqlite ]
    ===================================================================================================

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4850

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    10/16/2010 12:38:48 PM
    mbam-log-2010-10-16 (12-38-48).txt

    Scan type: Quick scan
    Objects scanned: 136954
    Time elapsed: 6 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ===================================================================================================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:02:20 PM, on 10/16/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18527)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Emsisoft\Online Armor\oaui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\OAui.exe"
    O4 - HKLM\..\Run: [CheckPoint Cleanup] C:\Users\PT\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\PT\AppData\Local\Temp\cpes_clean.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: 
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7915 bytes


    Thanks again for any and all help.  I gotta say, regardless of whether you help me or not, you guys rock!  The knowledge I have already gathered and plan on gathering is awesome.   Thank you so much again.
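Triage logic for a HijackThis log like the one posted above, added here as an illustration; it is not part of the original post and not code from HijackThis or the forum. It parses the O1, O4, O20 and O23 line formats and flags what a malware-removal helper reads first: autostart entries whose binary lives in a Temp folder (the `CheckPoint Cleanup` Run entry above is one), services whose binary is missing or carries no publisher in its version info, a non-empty AppInit_DLLs value, and hosts-file overrides beyond the loopback defaults. The sample input is a handful of lines copied from the posted log, not the whole log; the reason strings and the choice of what to flag are mine.

```python
"""Triage a HijackThis (HJT) log: flag persistence entries worth a second look."""
import re
from dataclasses import dataclass, field

# Constructed sample input: a few lines copied from the HijackThis log posted
# above (not the complete log), so this runs offline.
SAMPLE_LINES = [
    r"O1 - Hosts: ::1 localhost",
    r'O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O4 - HKLM\..\Run: [CheckPoint Cleanup] C:\Users\PT\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\PT\AppData\Local\Temp\cpes_clean.exe",
    r"O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    "O20 - AppInit_DLLs: ",
    r"O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe",
]

# HJT section formats: O4 = Run/RunOnce keys, O23 = services, O20 = AppInit_DLLs, O1 = hosts file.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<entry>.+)$")

# Path fragments that mark a binary living in a scratch directory (assumption: my list).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\appdata\\local\\temp")
# Hosts entries HJT reports on a clean Vista box; anything else deserves a look.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Finding:
    section: str
    item: str
    reasons: list = field(default_factory=list)


def executable(cmd: str) -> str:
    """Return the program part of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    # Unquoted paths with spaces: join tokens up to the first one ending in .exe.
    for i, tok in enumerate(parts):
        if tok.lower().endswith(".exe"):
            return " ".join(parts[: i + 1])
    return parts[0] if parts else ""


def triage(lines):
    """Walk HJT lines and return one Finding per entry that needs manual review."""
    findings = []
    for line in lines:
        line = line.rstrip("\n")
        if m := O4_RE.match(line):
            exe = executable(m["cmd"]).lower()
            reasons = []
            if any(t in exe for t in TEMP_MARKERS):
                reasons.append("autostart binary lives in a Temp directory")
            if reasons:
                findings.append(Finding("O4", m["name"], reasons))
        elif m := O23_RE.match(line):
            reasons = []
            if "(file missing)" in m["path"].lower():
                reasons.append("service binary missing (stale or partially removed install)")
            if m["owner"].lower() == "unknown owner":
                reasons.append("no publisher in version info; verify the file's signature by hand")
            if reasons:
                findings.append(Finding("O23", m["name"], reasons))
        elif m := O20_RE.match(line):
            if m["dlls"].strip():
                findings.append(Finding("O20", m["dlls"].strip(),
                                        ["AppInit_DLLs non-empty: DLL loaded into every GUI process"]))
        elif m := O1_RE.match(line):
            if m["entry"].strip() not in BENIGN_HOSTS:
                findings.append(Finding("O1", m["entry"].strip(),
                                        ["hosts-file override beyond the loopback defaults"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section} {f.item}")
        for r in f.reasons:
            print(f"    - {r}")
```

A flag is a prompt to verify, not a verdict: on the sample above the stale `aswUpdSv` service is an Avast 4 leftover after the Avast 5 install, and the Temp-folder entry is, judging by its name and the `ZA_PreservedFiles` folder in the ComboFix log, plausibly a ZoneAlarm/CheckPoint cleanup launcher. Both are the kind of entry a helper confirms by checking the file on disk (or its absence) before deciding whether to remove the key.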

    SuperDave (Malware Removal Specialist, Moderator)

    Re: Malware Intruders?
    « Reply #1 on: October 18, 2010, 04:19:10 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    ********************************

    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    *************************************************

    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.
    Click Start, then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    theaftermath06 (Topic Starter)

      Re: Malware Intruders?
      « Reply #2 on: October 19, 2010, 03:07:31 AM »
      Hi SuperDave, thank you for spending some time with me.  Here are the logs of both of those scans.  I installed Service Pack 2 for Vista but have had issues with the network adaptor ever since, so I uninstalled it until I figure all of this out.  Thanks again SuperDave!



       Results of screen317's Security Check version 0.99.5 
       Windows Vista Service Pack 1 (UAC is enabled)
       Out of date service pack!!
       Internet Explorer 7 Out of date!
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Disabled! 
       avast! Free Antivirus   
       Online Armor 4.0   
       McAfee Security Scan Plus   
       WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Malwarebytes' Anti-Malware   
       CCleaner     
       Java(TM) 6 Update 22 
       Java(TM) 6 Update 5 
       Java(TM) 6 Update 7 
       Out of date Java installed!
       Adobe Flash Player 10.1.85.3 
      Adobe Reader 9.3.4
       Mozilla Firefox (3.6.10) Firefox Out of Date! 
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

       Windows Defender MSASCui.exe
       Tall Emu Online Armor OAcat.exe
       Tall Emu Online Armor oasrv.exe
       Tall Emu Online Armor oaui.exe
       Tall Emu Online Armor OAhlp.exe
       Windows Defender MSASCui.exe   
       Alwil Software Avast5 AvastSvc.exe 
       Alwil Software Avast5 AvastUI.exe 
      ````````````````````````````````
      DNS Vulnerability Check:

       GREAT! (Not vulnerable to DNS cache poisoning)

      ``````````End of Log````````````


      ===================================================================================================

      ComboFix 10-10-18.03 - PT 10/19/2010   4:31.1.1 - x86
      Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.1.1033.18.1978.848 [GMT -4:00]
      Running from: c:\users\PT\Desktop\Commy.exe
      SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      (((((((((((((((((((((((((   Files Created from 2010-09-19 to 2010-10-19  )))))))))))))))))))))))))))))))
      .

      2010-10-19 08:44 . 2010-10-19 08:45   --------   d-----w-   c:\users\PT\AppData\Local\temp
      2010-10-19 08:44 . 2010-10-19 08:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2010-10-19 02:41 . 2010-06-04 16:29   1606368   ----a-w-   c:\windows\system32\drivers\athw.sys
      2010-10-19 02:24 . 2010-10-19 02:24   --------   d-----w-   c:\users\PT\AppData\Local\Innovative Solutions
      2010-10-19 02:24 . 2010-10-19 02:24   --------   d-----w-   c:\programdata\Innovative Solutions
      2010-10-19 02:24 . 2010-10-19 02:24   --------   d-----w-   c:\program files\Innovative Solutions
      2010-10-18 12:08 . 2010-10-18 12:08   --------   d-----w-   c:\program files\Microsoft
      2010-10-18 12:08 . 2010-10-18 12:08   --------   d-----w-   c:\program files\MSN Toolbar
      2010-10-18 12:07 . 2010-10-18 12:07   --------   d-----w-   c:\program files\Microsoft Silverlight
      2010-10-18 12:07 . 2010-10-18 12:07   --------   d-----w-   c:\programdata\PC Drivers HeadQuarters
      2010-10-18 12:07 . 2010-10-18 12:08   --------   d-----w-   c:\program files\MSN Toolbar Installer
      2010-10-18 12:05 . 2010-10-18 12:05   --------   d-----w-   c:\program files\PC Drivers HeadQuarters
      2010-10-16 17:00 . 2010-10-16 17:00   388096   ----a-r-   c:\users\PT\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-10-16 17:00 . 2010-10-16 17:00   --------   d-----w-   c:\program files\Trend Micro
      2010-10-16 08:36 . 2010-10-16 08:36   --------   d-----w-   c:\program files\CCleaner
      2010-10-16 08:21 . 2010-10-16 08:21   --------   d-----w-   c:\programdata\ZA_PreservedFiles
      2010-10-16 07:46 . 2010-10-16 08:19   --------   d-----w-   c:\programdata\OnlineArmor
      2010-10-16 07:46 . 2010-10-16 07:46   --------   d-----w-   c:\users\PT\AppData\Roaming\OnlineArmor
      2010-10-16 07:44 . 2010-07-07 16:25   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
      2010-10-16 07:44 . 2010-07-07 16:25   29256   ----a-w-   c:\windows\system32\drivers\OAnet.sys
      2010-10-16 07:44 . 2010-07-07 16:25   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
      2010-10-16 07:44 . 2010-10-16 07:44   --------   d-----w-   c:\program files\Emsisoft
      2010-10-16 04:56 . 2010-09-07 14:47   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
      2010-10-16 04:56 . 2010-09-07 14:52   165584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2010-10-16 04:56 . 2010-09-07 14:47   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
      2010-10-16 04:56 . 2010-09-07 14:52   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
      2010-10-16 04:56 . 2010-09-07 14:47   50768   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
      2010-10-16 04:55 . 2010-09-07 15:12   38848   ----a-w-   c:\windows\avastSS.scr
      2010-10-16 04:55 . 2010-09-07 15:11   167592   ----a-w-   c:\windows\system32\aswBoot.exe
      2010-10-16 04:54 . 2010-10-16 04:54   --------   d-----w-   c:\programdata\Alwil Software
      2010-10-16 04:54 . 2010-10-16 04:54   --------   d-----w-   c:\program files\Alwil Software
      2010-10-16 03:49 . 2010-10-16 03:49   --------   d-----w-   c:\program files\Common Files\PX Storage Engine
      2010-10-16 03:48 . 2010-10-16 03:48   --------   d-----w-   c:\program files\Common Files\DivX Shared
      2010-10-16 03:47 . 2010-10-16 03:49   --------   d-----w-   c:\program files\DivX
      2010-10-16 03:45 . 2010-09-15 08:50   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
      2010-10-16 03:45 . 2010-09-15 08:50   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-10-16 03:40 . 2010-10-16 03:40   --------   d-----w-   c:\programdata\McAfee Security Scan
      2010-10-16 03:40 . 2010-10-16 03:40   --------   d-----w-   c:\program files\McAfee Security Scan
      2010-10-16 00:10 . 2010-09-09 22:52   6084944   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C93082C-93BB-4EAA-89DA-3FA60FB3D2DA}\mpengine.dll
      2010-10-15 22:22 . 2010-10-15 22:22   --------   d-----w-   c:\users\PT\AppData\Local\Microsoft Corporation
      2010-10-15 22:14 . 2010-10-15 22:15   --------   d-----w-   c:\program files\Microsoft Windows 7 Upgrade Advisor
      2010-10-15 13:23 . 2010-10-15 13:23   --------   d-----w-   c:\programdata\WindowsSearch
      2010-10-15 04:29 . 2010-10-15 04:29   --------   d-----w-   c:\windows\system32\EventProviders
      2010-10-15 04:29 . 2010-10-15 23:22   --------   d-----w-   C:\78944cbdd329974413
      2010-10-15 03:24 . 2009-11-08 14:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
      2010-10-15 03:24 . 2009-11-08 14:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
      2010-10-15 03:24 . 2009-11-08 14:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
      2010-10-15 03:24 . 2009-11-08 14:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
      2010-10-15 03:24 . 2009-11-08 14:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
      2010-10-15 03:19 . 2010-09-20 09:25   231936   ----a-w-   c:\windows\system32\msshsq.dll
      2010-10-15 03:11 . 2010-06-28 17:00   1316864   ----a-w-   c:\windows\system32\ole32(1580).dll
      2010-10-15 03:11 . 2010-06-28 16:15   1315840   ----a-w-   c:\windows\system32\ole32.dll
      2010-10-15 03:11 . 2010-06-28 14:31   339968   ----a-w-   c:\program files\Windows NT\Accessories\wordpad.exe
      2010-10-15 03:11 . 2010-04-05 16:08   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
      2010-10-15 03:11 . 2010-08-31 15:44   531968   ----a-w-   c:\windows\system32\comctl32(918).dll
      2010-10-15 03:11 . 2010-08-31 15:40   531968   ----a-w-   c:\windows\system32\comctl32.dll
      2010-10-15 03:09 . 2010-09-10 16:35   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
      2010-10-15 03:09 . 2010-09-10 16:37   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
      2010-10-15 03:08 . 2010-09-06 14:13   303616   ----a-w-   c:\windows\system32\drivers\srv.sys
      2010-10-15 03:08 . 2010-09-06 14:12   145408   ----a-w-   c:\windows\system32\drivers\srv2.sys
      2010-10-15 03:08 . 2010-09-06 16:24   125952   ----a-w-   c:\windows\system32\srvsvc.dll
      2010-10-15 03:08 . 2010-09-06 14:12   101888   ----a-w-   c:\windows\system32\drivers\srvnet.sys
      2010-10-15 03:08 . 2010-09-06 16:23   17920   ----a-w-   c:\windows\system32\netevent.dll
      2010-10-15 03:07 . 2010-06-18 17:31   36864   ----a-w-   c:\windows\system32\rtutils(1680).dll
      2010-10-15 03:07 . 2010-06-18 16:43   36352   ----a-w-   c:\windows\system32\rtutils.dll
      2010-10-15 03:06 . 2010-06-22 12:57   2048   ----a-w-   c:\windows\system32\tzres.dll
      2010-10-15 03:05 . 2010-04-16 16:05   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
      2010-10-15 03:05 . 2010-04-16 14:17   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
      2010-10-15 03:04 . 2010-08-17 10:52   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
      2010-10-15 03:03 . 2010-01-25 08:35   523776   ----a-w-   c:\windows\system32\RMActivate_isv.exe
      2010-10-15 03:03 . 2010-01-25 08:34   511488   ----a-w-   c:\windows\system32\RMActivate.exe
      2010-10-15 03:03 . 2010-01-25 08:34   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
      2010-10-15 03:03 . 2010-01-25 12:48   472576   ----a-w-   c:\windows\system32\secproc_isv.dll
      2010-10-15 03:03 . 2010-01-25 12:48   472064   ----a-w-   c:\windows\system32\secproc.dll
      2010-10-15 03:03 . 2010-01-25 08:35   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
      2010-10-15 03:03 . 2010-01-25 12:48   151040   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
      2010-10-15 03:03 . 2010-01-25 12:48   151040   ----a-w-   c:\windows\system32\secproc_ssp.dll
      2010-10-15 03:03 . 2010-01-25 12:45   329216   ----a-w-   c:\windows\system32\msdrm.dll
      2010-10-15 03:03 . 2010-07-26 15:51   11584512   ----a-w-   c:\windows\system32\shell32(1711).dll
      2010-10-15 03:02 . 2010-01-29 16:22   1616384   ----a-w-   c:\program files\Windows Mail\msoe.dll
      2010-10-15 03:00 . 2010-04-05 16:07   67072   ----a-w-   c:\windows\system32\asycfilt.dll
      2010-10-15 03:00 . 2010-02-23 11:32   105984   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2010-10-15 03:00 . 2010-02-23 11:32   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
      2010-10-15 03:00 . 2010-02-23 11:32   78848   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
      2010-10-15 02:59 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10(1812).dll
      2010-10-15 02:59 . 2010-04-16 16:10   501760   ----a-w-   c:\windows\system32\usp10.dll
      2010-10-15 02:59 . 2010-08-10 15:53   274944   ----a-w-   c:\windows\system32\schannel(1688).dll
      2010-10-15 02:59 . 2010-08-10 15:02   274432   ----a-w-   c:\windows\system32\schannel.dll
      2010-10-15 02:59 . 2010-03-04 18:54   430080   ----a-w-   c:\windows\system32\vbscript.dll
      2010-10-15 02:58 . 2010-06-16 15:55   902032   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2010-10-15 02:58 . 2010-06-16 15:56   98192   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
      2010-10-15 02:58 . 2010-06-16 15:55   220040   ----a-w-   c:\windows\system32\drivers\netio.sys
      2010-10-15 02:58 . 2010-06-16 15:11   438272   ----a-w-   c:\windows\system32\IKEEXT.DLL
      2010-10-15 02:58 . 2010-06-16 15:10   595456   ----a-w-   c:\windows\system32\FWPUCLNT.DLL
      2010-10-15 02:58 . 2010-06-16 15:09   328704   ----a-w-   c:\windows\system32\BFE.DLL
      2010-10-15 02:58 . 2010-05-27 19:16   738816   ----a-w-   c:\windows\system32\inetcomm.dll
      2010-10-15 02:58 . 2010-08-17 13:32   126464   ----a-w-   c:\windows\system32\spoolsv.exe
      2010-10-15 02:58 . 2010-05-26 16:16   34304   ----a-w-   c:\windows\system32\atmlib.dll
      2010-10-15 02:58 . 2010-05-26 14:25   289792   ----a-w-   c:\windows\system32\atmfd.dll
      2010-10-15 02:58 . 2009-10-19 14:24   72704   ----a-w-   c:\windows\system32\fontsub.dll
      2010-10-15 02:57 . 2010-06-08 17:00   3598216   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2010-10-15 02:57 . 2010-06-08 17:00   3545992   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2010-10-15 02:57 . 2010-05-27 19:16   81920   ----a-w-   c:\windows\system32\iccvid.dll
      2010-10-15 02:57 . 2010-08-31 15:41   954752   ----a-w-   c:\windows\system32\mfc40.dll
      2010-10-15 02:57 . 2010-08-31 15:41   954288   ----a-w-   c:\windows\system32\mfc40u.dll
      2010-10-15 02:57 . 2010-06-11 16:15   1248768   ----a-w-   c:\windows\system32\msxml3(1540).dll
      2010-10-15 02:57 . 2010-06-11 15:30   1257472   ----a-w-   c:\windows\system32\msxml3.dll
      2010-10-15 02:57 . 2009-12-23 11:33   172032   ----a-w-   c:\windows\system32\wintrust(1909).dll
      2010-10-15 02:57 . 2009-12-23 12:43   171520   ----a-w-   c:\windows\system32\wintrust.dll
      2010-10-15 02:56 . 2010-04-16 16:10   1314816   ----a-w-   c:\windows\system32\quartz.dll
      2010-10-15 02:56 . 2010-01-15 00:04   98304   ----a-w-   c:\windows\system32\cabview.dll
      2010-10-15 02:56 . 2010-08-26 16:07   157184   ----a-w-   c:\windows\system32\t2embed.dll
      2010-10-15 02:56 . 2010-06-17 17:15   10926592   ----a-w-   c:\program files\Movie Maker\MOVIEMK.dll
      2010-10-15 02:56 . 2010-06-17 15:49   150016   ----a-w-   c:\program files\Movie Maker\MOVIEMK.exe
      2010-10-15 02:56 . 2010-08-31 13:39   2037248   ----a-w-   c:\windows\system32\win32k.sys
      2010-10-15 02:55 . 2010-01-21 15:59   62464   ----a-w-   c:\windows\system32\l3codeca.acm
      2010-10-15 02:55 . 2010-08-20 15:21   866816   ----a-w-   c:\windows\system32\wmpmde.dll
      2010-10-15 02:45 . 2009-12-28 12:32   22528   ----a-w-   c:\windows\system32\msyuv.dll
      2010-10-15 02:45 . 2009-12-28 12:32   31744   ----a-w-   c:\windows\system32\msvidc32.dll
      2010-10-15 02:45 . 2009-12-28 12:35   11776   ----a-w-   c:\windows\system32\tsbyuv.dll
      2010-10-15 02:45 . 2009-12-28 12:32   13312   ----a-w-   c:\windows\system32\msrle32.dll
      2010-10-15 02:45 . 2009-12-28 12:31   50176   ----a-w-   c:\windows\system32\iyuv_32.dll
      2010-10-15 02:45 . 2009-12-28 12:32   123904   ----a-w-   c:\windows\system32\msvfw32.dll
      2010-10-15 02:45 . 2009-12-28 12:31   82944   ----a-w-   c:\windows\system32\mciavi32.dll
      2010-10-15 02:45 . 2009-12-28 12:28   65024   ----a-w-   c:\windows\system32\avicap32.dll

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
      "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]
      "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
      "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
      "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\OAui.exe" [2010-07-07 6854984]
      "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
      "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "EnableShellExecuteHooks"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux4"=wdmaud.drv

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
      2008-06-12 05:17   468264   ----a-w-   c:\program files\HP\QuickPlay\QPService.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-649949092-3988278955-3429382552-1000]
      "EnableNotificationsRef"=dword:00000001

      R2 AMPingService;AMPingService;c:\users\PT\AppData\Local\Temp\AMPing.exe

      R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
      R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
      R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-08 12872]
      S1 aswSP;aswSP;

      S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
      S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-08 12872]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-15 67656]
      S2 aswFsBlk;aswFsBlk;

      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
      S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
      S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
      S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
      S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
      S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
      S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]


      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
      getPlusHelper   REG_MULTI_SZ      getPlusHelper
      nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
      .
      Contents of the 'Scheduled Tasks' folder

      2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{AB615B01-BDB4-4572-9C5C-339E41746C7F}.job
      - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://yahoo.com/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
      FF - ProfilePath - c:\users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\
      FF - prefs.js: browser.startup.homepage - yahoo.com
      FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
      FF - component: c:\users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
      FF - component: c:\users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
      FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
      FF - plugin: c:\users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\dmo63lgc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      FF - user.js: browser.cache.memory.capacity - 65536
      FF - user.js: browser.chrome.favicons - false
      FF - user.js: browser.display.show_image_placeholders - true
      FF - user.js: browser.turbo.enabled - true
      FF - user.js: browser.urlbar.autocomplete.enabled - true
      FF - user.js: browser.urlbar.autofill - true
      FF - user.js: content.interrupt.parsing - true
      FF - user.js: content.max.tokenizing.time - 2250000
      FF - user.js: content.notify.backoffcount - 5
      FF - user.js: content.notify.interval - 750000
      FF - user.js: content.notify.ontimer - true
      FF - user.js: content.switch.threshold - 750000
      FF - user.js: network.http.max-connections - 48
      FF - user.js: network.http.max-connections-per-server - 16
      FF - user.js: network.http.max-persistent-connections-per-proxy - 16
      FF - user.js: network.http.max-persistent-connections-per-server - 8
      FF - user.js: network.http.pipelining - true
      FF - user.js: network.http.pipelining.firstrequest - true
      FF - user.js: network.http.pipelining.maxrequests - 8
      FF - user.js: network.http.proxy.pipelining - true
      FF - user.js: network.http.request.max-start-delay - 0
      FF - user.js: nglayout.initialpaint.delay - 0
      FF - user.js: plugin.expose_full_path - true
      FF - user.js: ui.submenuDelay - 0
      FF - user.js: yahoo.homepage.dontask - true
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'Explorer.exe'(1680)
      c:\program files\Emsisoft\Online Armor\OAwatch.dll
      c:\program files\McAfee\SiteAdvisor\saHook.dll
      .
      Completion time: 2010-10-19  04:51:12
      ComboFix-quarantined-files.txt  2010-10-19 08:51

      Pre-Run: 69,963,411,456 bytes free
      Post-Run: 69,929,406,464 bytes free

      - - End Of File - - AE2020A2066D72A1E31A4D4E5E7F6290
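The service ("R2 ... ;path") and Run-key lines in a ComboFix report like the one above are what a malware-removal analyst reads first, looking for image paths in temporary or user-writable directories, entries with no trailing "[date size]" stamp (ComboFix could not stat the file), and Security Center monitoring switched off. As an added example (code written for this page; it is not part of the thread and not ComboFix's own tooling), the script below applies those eyeball checks mechanically. The sample lines are copied or adapted from the log above; the flags it raises are prompts for investigation, not verdicts (a legitimate updater can also run from Temp, and avast's aswSP driver entry has no path in the original log either).

```python
"""Triage helper for the "Reg Loading Points" and service lines ComboFix prints.

Added example for this page, not ComboFix's own code. It parses Run-key and
service entries in ComboFix's format and flags:
  * an image path under a temporary/user-writable directory
  * an entry without the trailing "[date size]" stamp (file not stat-able)
  * an empty image path
  * Security Center monitoring disabled (DisableMonitoring=1)
SAMPLE_LOG is constructed from lines copied or adapted from the posted log.
"""
import re
from dataclasses import dataclass, field

# Run-key value:  "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
# Service line:   R2 Name;Display Name;c:\path\file.exe [YYYY-MM-DD size]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1\s*$', re.IGNORECASE)

# Directories a persistent service or autorun should not normally live in.
SUSPECT_DIRS = ("\\temp\\", "\\tmp\\", "\\users\\public\\",
                "\\recycler\\", "\\$recycle.bin\\")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 AMPingService;AMPingService;c:\users\PT\AppData\Local\Temp\AMPing.exe

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-08 12872]
S1 aswSP;aswSP;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
"""


@dataclass
class Finding:
    kind: str            # "run", "service" or "policy"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _path_reasons(path: str, has_stat: bool) -> list:
    """Return the list of reasons an image path deserves a second look."""
    norm = path.lower().replace("/", "\\")
    if not norm:
        return ["no image path recorded"]
    reasons = []
    if any(d in norm for d in SUSPECT_DIRS):
        reasons.append("image under a temporary/user-writable directory")
    if not has_stat:
        reasons.append("no [date size] stamp: ComboFix could not stat the file")
    return reasons


def triage(log_text: str) -> list:
    """Walk a ComboFix log and collect Finding objects for suspicious entries."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # remember the current registry key
            section = m.group("key").lower()
            continue
        if DISABLE_RE.match(line) and "security center\\monitoring" in section:
            findings.append(Finding("policy", section, line,
                                    ["Security Center monitoring disabled"]))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = _path_reasons(m.group("path"), m.group("size") is not None)
            if reasons:
                findings.append(Finding("run", m.group("name"), m.group("path"), reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            reasons = _path_reasons(m.group("path"), m.group("size") is not None)
            if reasons:
                findings.append(Finding("service", m.group("name"), m.group("path"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r}: {'; '.join(f.reasons)}")
```

Run it against a full ComboFix log by passing the file contents to `triage()`; anything it returns is a lead to verify by hand (hash the file, check its signer, check whether the path still exists), not a removal decision.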

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Experience: Expert
      • OS: Windows 10
      Re: Malware Intruders?
      « Reply #3 on: October 19, 2010, 11:58:55 AM »
      Please download 7-Zip and install it. If you already have it, no need to reinstall.

      Then, download RootkitUnhooker and save the setup to your Desktop.

      • Right-click on the RootkitUnhooker setup, mouse over 7-Zip, then click Extract to "RKU***"
      • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
      • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
      • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
      • Once inside the interface, do not fix anything. Click on the Report tab.
      • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
      • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
      • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
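The report this procedure produces lists, in its SSDT and Shadow sections, every replaced service-table entry together with the new address and the module RootkitUnhooker attributes it to, and, in its Drivers section, the base address and size of every loaded image. An added check (example code written for this page; not RootkitUnhooker's own code and not posted by anyone in the thread) is to cross-reference each hook target against those base/size ranges: a hook that lands inside the image of a known security product is what a HIPS such as Online Armor's OADriver.sys normally looks like, whereas a target that falls inside no listed image at all is the signature of code running from memory that belongs to no visible driver. In the constructed sample, the NtClose and NtOpenProcess lines are made up to exercise the MISMATCH and ORPHAN paths; the other lines follow the RKU report format and use the addresses from this thread.

```python
"""Cross-check RootkitUnhooker SSDT/Shadow hook targets against its >Drivers list.

Added example for this page, not RKU's own code. verify_hooks() parses the
report text, resolves each hook's target address to the image range(s) that
contain it, and classifies the hook as OK (inside the module RKU named),
MISMATCH (inside some other listed image) or ORPHAN (inside no listed image).
SAMPLE_REPORT is constructed in RKU's format; the NtClose and NtOpenProcess
lines are synthetic.
"""
import re

HOOK_RE = re.compile(
    r'^(?P<table>\S+?)-->(?P<func>\w+), Type: Address change '
    r'0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<module>[^\]]+)\]\s*$')
DRIVER_RE = re.compile(r'^0x(?P<base>[0-9A-Fa-f]+) (?P<path>.+?) (?P<size>\d+) bytes')

SAMPLE_REPORT = r"""
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x81C5D076-->8F54C9C0 [C:\Windows\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x81BA5AD2-->8F53E490 [C:\Windows\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtClose, Type: Address change 0x81C30000-->81D00000 [C:\Windows\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x81C40000-->8FFF0000 [C:\Windows\system32\drivers\OADriver.sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtGdiBitBlt, Type: Address change 0x9599FB5E-->8F536480 [C:\Windows\system32\drivers\OADriver.sys]
==============================================
>Processes
==============================================
0x87146160 [1680] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
==============================================
>Drivers
==============================================
0x81A36000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81A36000 PnpManager 3903488 bytes
0x958C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F520000 C:\Windows\system32\drivers\OADriver.sys 319488 bytes (Emsisoft, OA Helper Driver)
"""


def parse_report(text: str):
    """Return (hooks, drivers): hooks as dicts, drivers as (base, end, path) tuples."""
    hooks, drivers, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):               # section header such as ">SSDT State"
            section = line[1:].strip()
            continue
        if section in ("SSDT State", "Shadow"):
            m = HOOK_RE.match(line)
            if m:
                hooks.append({"table": section, "func": m["func"],
                              "target": int(m["new"], 16), "claimed": m["module"]})
        elif section == "Drivers":
            m = DRIVER_RE.match(line)
            if m:
                base = int(m["base"], 16)
                drivers.append((base, base + int(m["size"]), m["path"]))
    return hooks, drivers


def owners_of(addr: int, drivers) -> list:
    """All images whose [base, base+size) range contains addr.
    Aliases such as ntkrnlpa.exe / PnpManager share a base, so more than one may match."""
    return [path for base, end, path in drivers if base <= addr < end]


def verify_hooks(text: str) -> list:
    """Classify every hook as OK, MISMATCH or ORPHAN; returns (table, func, verdict, owners)."""
    hooks, drivers = parse_report(text)
    results = []
    for h in hooks:
        owners = owners_of(h["target"], drivers)
        claimed = h["claimed"].lower()
        if not owners:
            verdict = "ORPHAN"                 # target lies in no listed image
        elif any(o.lower() == claimed for o in owners):
            verdict = "OK"                     # target is inside the module RKU named
        else:
            verdict = "MISMATCH"               # inside a different listed image
        results.append((h["table"], h["func"], verdict, owners))
    return results


def summarize(results) -> dict:
    """Count verdicts so a long report can be read at a glance."""
    counts = {}
    for _, _, verdict, _ in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    res = verify_hooks(SAMPLE_REPORT)
    for table, func, verdict, owners in res:
        print(f"{verdict:8} {table:10} {func:28} {owners}")
    print(summarize(res))
```

An "OK" verdict only means the hook is consistent with the module named; it says nothing about whether that module should be hooking. ORPHAN results are the ones to chase, and a second run with the security software's drivers unloaded will tell whether the remaining hooks belong to it.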

      theaftermath06

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Malware Intruders?
        « Reply #4 on: October 20, 2010, 01:24:22 PM »
        Ok Super, this is what I have:

        RkU Version: 3.8.388.590, Type LE (SR2)
        ==============================================
        OS Name: Windows Vista
        Version 6.0.6001 (Service Pack 1)
        Number of processors #1
        ==============================================
        >SSDT State
        ==============================================
        ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x81C68B78-->8F53EED0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtAlpcConnectPort, Type: Address change 0x81C221BF-->8F53D590 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtAlpcCreatePort, Type: Address change 0x81BF27E3-->8F53CA80 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x81BF61F1-->8F53F700 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x81C0282D-->8F53CDA0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x81C5D076-->8F54C9C0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtCreatePort, Type: Address change 0x81BCD581-->8F53C8E0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x81C7F259-->8F538EF0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x81CCA150-->8F53AF20 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x81C9D6A8-->8F53BB90 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x81C2FEFD-->8F53C6F0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x81BA5AD2-->8F53E490 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x81C466B5-->8F54D040 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x81C5E8B2-->8F539310 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x81C38246-->8F53B420 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x81C6C98E-->8F53F350 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x81C46E48-->8F53EA70 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x81BE9F7C-->8F53F8A0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtRequestPort, Type: Address change 0x81C3827B-->8F53D9A0 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x81C63125-->8F53DF90 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x81C8B552-->8F54C550 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtResumeThread, Type: Address change 0x81C375F0-->8F53C340 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x81C0223F-->8F53D190 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x81CCAE23-->8F53B970 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x81C2D3EE-->8F53BD30 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x81CEA169-->8F53E370 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x81CCBA13-->8F53C520 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x81C888BA-->8F53C130 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x81C33B2C-->8F53BF40 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x81C18FBC-->8F53AC80 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x81C457BF-->8F53B760 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtUnloadDriver, Type: Address change 0x81CA85EA-->8F53E780 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x81C43CFF-->8F53F520 [C:\Windows\system32\drivers\OADriver.sys]
        ntkrnlpa.exe-->NtCreateThreadEx, Type: Address change 0x81C37C4E-->8F53B180 [C:\Windows\system32\drivers\OADriver.sys]
        ==============================================
        >Shadow
        ==============================================
        win32k.sys-->NtGdiAlphaBlend, Type: Address change 0x9598D8A8-->8F537160 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiBitBlt, Type: Address change 0x9599FB5E-->8F536480 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiCreateDIBSection, Type: Address change 0x95989C14-->8F537510 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiGetPixel, Type: Address change 0x9590B138-->8F5367D0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiMaskBlt, Type: Address change 0x95979557-->8F536A80 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiOpenDCW, Type: Address change 0x9595E324-->8F537B00 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtGdiTransparentBlt, Type: Address change 0x9591EA7C-->8F536E10 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserAttachThreadInput, Type: Address change 0x959D25FB-->8F532F60 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserBlockInput, Type: Address change 0x959CCBD7-->8F534D60 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserCallHwndParamLock, Type: Address change 0x95912733-->8F534890 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserCallTwoParam, Type: Address change 0x9599D7C6-->8F5359D0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x95902CF7-->8F533A10 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetClipboardData, Type: Address change 0x959EB3D1-->8F535110 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetDC, Type: Address change 0x9598800F-->8F535DC0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetDCEx, Type: Address change 0x959281A8-->8F536020 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x9590CC9D-->8F5338E0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetKeyState, Type: Address change 0x9596BB98-->8F5337B0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserGetWindowDC, Type: Address change 0x95998A9B-->8F536290 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserMessageCall, Type: Address change 0x9596DB7E-->8F533B40 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserMoveWindow, Type: Address change 0x959211EC-->8F5354F0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserPostMessage, Type: Address change 0x9598D01C-->8F534020 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserPostThreadMessage, Type: Address change 0x959657A0-->8F5344D0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0x958E40F6-->8F532D70 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSendInput, Type: Address change 0x9590FA5D-->8F534B10 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetClipboardViewer, Type: Address change 0x959C2DA2-->8F534F00 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetParent, Type: Address change 0x9591F534-->8F5352B0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetWindowPos, Type: Address change 0x95947387-->8F535880 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetWindowsHookAW, Type: Address change 0x959EBB01-->8F532820 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x958F737E-->8F5323C0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserSetWinEventHook, Type: Address change 0x9590AD61-->8F532AC0 [C:\Windows\system32\drivers\OADriver.sys]
        win32k.sys-->NtUserShowWindow, Type: Address change 0x9591DDAB-->8F535790 [C:\Windows\system32\drivers\OADriver.sys]
        ==============================================
        >Processes
        ==============================================
        0xAF744138 [260] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
        0x86A9E960 [384] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
        0x871C6480 [416] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
        0x86B410E0 [452] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
        0x868FC7F0 [496] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
        0x86B7F9E0 [504] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
        0x86EB4D90 [552] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
        0x86C8E400 [576] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
        0x86EB9020 [592] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
        0x86EB87E8 [600] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
        0x871E6610 [752] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
        0x86EF6338 [760] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86BA2BC8 [848] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86F69248 [884] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86FDE020 [968] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86FFEB10 [1048] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x8701EC40 [1064] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x871F7AD8 [1128] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86FEED90 [1168] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
        0x87023020 [1204] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x8727A4E0 [1248] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x87054020 [1296] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x8731B8B8 [1332] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
        0x8708ED90 [1460] C:\Program Files\Emsisoft\Online Armor\oacat.exe (Emsi Software GmbH, Online Armor Component)
        0x870B6D90 [1508] C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (-, -)
        0x87146160 [1680] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
        0x870EE590 [1728] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
        0x871331B8 [1816] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
        0x872A5020 [1836] C:\Windows\SMINST\BLService.exe (-,  STServices)
        0x873401D8 [2072] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
        0x87352BF0 [2240] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
        0x876EAAD8 [2280] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc., Synaptics Pointing Device Helper)
        0x87204210 [2324] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x872C6780 [2416] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
        0x86EE45B0 [2448] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (-, HpqToaster Module)
        0x86F7D508 [2452] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
        0x87359D90 [2496] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
        0x8738C020 [2624] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
        0x8710BD90 [2680] C:\Program Files\Emsisoft\Online Armor\oasrv.exe (Emsi Software GmbH, Online Armor Component)
        0x851B2D90 [2712] C:\Users\PT\Desktop\rku\MustBeRandomlyNamed\3Sxwxtn.exe (UG North, RKULE, SR2 Normandy)
        0x857EC690 [2768] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
        0x872E2B68 [2948] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
        0x872E23B8 [2996] C:\Windows\System32\hkcmd.exe (Intel Corporation, hkcmd Module)
        0x8742B368 [3020] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
        0x8720C400 [3044] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)
        0x872B14C0 [3068] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P., HPWAMain Module)
        0x86F7A8C8 [3092] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
        0x86F85D90 [3168] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
        0x84427020 [3196] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard, HP Health Check Service)
        0x87213D28 [3220] C:\Program Files\Emsisoft\Online Armor\oahlp.exe (Emsi Software GmbH, Online Armor Component)
        0x87490538 [3244] C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc., McAfee Security Scanner Scheduler)
        0x86F7D818 [3260] C:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH, Online Armor Component)
        0x870DF9A8 [3460] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
        0x86F0CD90 [3784] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P., Module to process WiFi messages.)
        0x851C91A8 [3816] C:\Windows\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
        0x869B3280 [3924] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
        0x87157C78 [3984] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
        0x86B63530 [4008] C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
        0x8555F020 [4216] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
        0x83DC9860 [4] System
        0x87019020 [1136] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
        ==============================================
        >Drivers
        ==============================================
        0x8BE0C000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
        0x81A36000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
        0x81A36000 PnpManager 3903488 bytes
        0x81A36000 RAW 3903488 bytes
        0x81A36000 WMIxWDM 3903488 bytes
        0x958C0000 Win32k 2109440 bytes
        0x958C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
        0x8C605000 C:\Windows\system32\DRIVERS\athw.sys 1609728 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)
        0x87E06000 C:\Windows\system32\drivers\ql2300.sys 1277952 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
        0x88408000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
        0x88075000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
        0x8F0D3000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
        0x88205000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
        0x804C7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
        0xAC4ED000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
        0x87C04000 C:\Windows\system32\drivers\megasr.sys 749568 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
        0x8F201000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
        0x80C97000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
        0x8780D000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
        0x8C4F0000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
        0x87AF4000 C:\Windows\system32\drivers\elxstor.sys 606208 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
        0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
        0x88004000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
        0x80D5C000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
        0x87951000 C:\Windows\system32\drivers\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
        0x8040D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
        0x87F3E000 C:\Windows\system32\drivers\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
        0x8F520000 C:\Windows\system32\drivers\OADriver.sys 319488 bytes (Emsisoft, OA Helper Driver)
        0xAC483000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
        0x87A01000 C:\Windows\system32\drivers\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
        0x8076C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
        0x8F406000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
        0x80698000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
        0x80486000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
        0x8831C000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek                                            , Realtek 8136/8168/8169 NDIS6 32-bit Driver                    )
        0x878EE000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
        0x8F095000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
        0x8C5A7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
        0x8F4E4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
        0x87CD4000 C:\Windows\system32\drivers\uliahci.sys 245760 bytes (ULi Electronics Inc., ULi SATA Controller Driver)
        0x8F008000 C:\Windows\system32\drivers\CHDRT32.sys 241664 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
        0x881AB000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
        0xAC40A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
        0x8851F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
        0x80C06000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
        0x879BB000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
        0x81A03000 ACPI_HAL 208896 bytes
        0x81A03000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
        0x87D5D000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
        0x8F453000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
        0x8C7B1000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
        0x88375000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
        0x8F043000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
        0x87D10000 C:\Windows\system32\drivers\ulsata2.sys 180224 bytes (Promise Technology, Inc., Promise SATAII150 Series Windows Drivers)
        0x88180000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
        0x87DAF000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
        0x80C50000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
        0xAC45B000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
        0x8F58F000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
        0x88584000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
        0x806EF000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
        0x87A8E000 C:\Windows\system32\drivers\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
        0x87A68000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
        0x8F070000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
        0x883BA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
        0x8F4BC000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
        0x805DC000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
        0x8F2C3000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)
        0x87FD7000 C:\Windows\system32\drivers\ulsata.sys 135168 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for Win2003)
        0x8F34F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
        0x87D3C000 C:\Windows\system32\drivers\vsmraid.sys 135168 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
        0x8F1D6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
        0x878B6000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
        0x80DC9000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
        0x80725000 C:\Windows\system32\drivers\mpio.sys 114688 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
        0x87A4D000 C:\Windows\system32\drivers\adpu160m.sys 110592 bytes (Adaptec, Inc., Adaptec LH Ultra160 Driver (x86))
        0x882EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
        0x8F5DC000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
        0x805C1000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
        0x87BBA000 C:\Windows\system32\drivers\lsi_fc.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT FC Driver (StorPort))
        0x878D4000 C:\Windows\system32\drivers\lsi_scsi.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT SCSI Driver (StorPort))
        0x805A7000 C:\Windows\system32\drivers\msdsm.sys 106496 bytes (Microsoft Corporation, Microsoft Device Specific Module)
        0x80DE6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
        0x8835D000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
        0x87BD4000 C:\Windows\system32\drivers\lsi_sas.sys 98304 bytes (LSI Logic, LSI Logic Fusion-MPT SAS Driver (StorPort))
        0xAC443000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
        0x8F578000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
        0x883A3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
        0x8F2E4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
        0x87AC8000 C:\Windows\system32\drivers\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
        0x87ADE000 C:\Windows\system32\drivers\arcsas.sys 90112 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
        0x80D46000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
        0x8F485000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
        0x8F3A2000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
        0x8F3DE000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
        0x881E5000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
        0x88560000 C:\Windows\system32\drivers\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
        0x87FA0000 C:\Windows\system32\drivers\sisraid4.sys 86016 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
        0x87AB4000 C:\Windows\system32\drivers\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
        0x883EC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
        0x8F3CA000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
        0x8C78E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
        0x80C84000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
        0x8F4A9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
        0x8830A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
        0x885AB000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
        0x87DD9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
        0x8046D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
        0x87D8F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
        0x8F304000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
        0x87B92000 C:\Windows\system32\drivers\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
        0x80C40000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
        0x807E8000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
        0x87D9F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
        0x885DB000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
        0x80716000 C:\Windows\system32\drivers\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
        0xAC4D1000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
        0x88575000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
        0x80741000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
        0x883DD000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
        0x8C5E5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
        0x8075D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
        0x95B40000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
        0x8F49B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
        0x87CC6000 C:\Windows\system32\drivers\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
        0x8F38B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
        0x807BD000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
        0x8F2B6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
        0x8792F000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
        0x87F93000 C:\Windows\system32\drivers\sisraid2.sys 53248 bytes (Microsoft Corporation, SiS RAID Stor Miniport Driver)
        0x885C5000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
        0x8C58F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
        0x8068B000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
        0x87BA2000 C:\Windows\system32\drivers\iteatapi.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
        0x87BAE000 C:\Windows\system32\drivers\iteraid.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8212 ATA RAID SCSI miniport)
        0x87FB5000 C:\Windows\system32\drivers\symc8xx.sys 49152 bytes (LSI Logic, LSI Logic 8XX SCSI Miniport Driver)
        0xAC5D5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
        0x8F343000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
        0x87946000 C:\Windows\system32\drivers\hpcisss.sys 45056 bytes (Hewlett-Packard Company, Smart Array Storport Driver)
        0x8C7A6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
        0x8C7E3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
        0x87CBB000 C:\Windows\system32\drivers\mraid35x.sys 45056 bytes (LSI Logic Corporation, MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86)
        0x8F380000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
        0x8C5F4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
        0x87FC1000 C:\Windows\system32\drivers\sym_hi.sys 45056 bytes (LSI Logic, LSI Logic Hi-Perf SCSI Miniport Driver)
        0x87FCC000 C:\Windows\system32\drivers\sym_u3.sys 45056 bytes (LSI Logic, LSI Logic Ultra160 SCSI Miniport Driver)
        0x8C7F2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
        0x8C59C000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
        0x8F3C0000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
        0x80753000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
        0x8F5C3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
        0x87B88000 C:\Windows\system32\drivers\i2omp.sys 40960 bytes (Microsoft Corporation, I2O Miniport Driver)
        0x87BEC000 C:\Windows\system32\drivers\megasas.sys 40960 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86)
        0x8793C000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
        0x885F3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
        0x80C7A000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
        0x8F56E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
        0xAC5CB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
        0x885BC000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
        0x8F32C000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
        0x8F2FB000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
        0x8F31B000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
        0xAC400000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
        0x8BE00000 C:\Windows\system32\DRIVERS\oanet.sys 36864 bytes (Emsisoft, OA Helper Driver)
        0x8F399000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
        0x95AE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
        0x885D2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
        0x885EA000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
        0x806DE000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
        0x878AE000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
        0x8047E000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
        0xAC5E9000 C:\Users\PT\AppData\Local\Temp\catchme.sys 32768 bytes
        0x807E0000 C:\Windows\system32\drivers\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
        0x80405000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
        0x8F324000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
        0x806E7000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
        0x8F3B8000 C:\Windows\system32\drivers\OAmon.sys 32768 bytes (Emsisoft, TDI Helper Driver)
        0x8F370000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
        0x8F378000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
        0x88558000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
        0x807F8000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
        0x88517000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
        0xAC5E1000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
        0x807D2000 C:\Windows\system32\drivers\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
        0x807D9000 C:\Windows\system32\drivers\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
        0x8F33C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
        0x8F314000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
        0x807B6000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
        0x8F335000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
        0x807CB000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
        0xAC5F3000 C:\Users\PT\AppData\Local\Temp\mbr.sys 24576 bytes
        0x8F4DE000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
        0x8F44E000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
        0x8C7A1000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
        0x8C7EE000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
        0xAC4E9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
        0x80C3D000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
        0x80750000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
        0xAC5F1000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
        0x8C7FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
        0x8C7E1000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
        ==============================================
        >Stealth
        ==============================================
        0x00A60000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84427020 ] PID: 3196, 110592 bytes
        ==============================================
        >Files
        ==============================================
        ==============================================
        >Hooks
        ==============================================
        ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x81AEAEEA-->81AEAEF1 [ntkrnlpa.exe]
        ntkrnlpa.exe+0x000B8D48, Type: Inline - RelativeJump 0x81AEED48-->81AEED38 [ntkrnlpa.exe]
        ntkrnlpa.exe+0x000B8E48, Type: Inline - PushRet 0x81AEEE48-->B6738F53 [unknown_code_page]
        ntkrnlpa.exe+0x000B8E64, Type: Inline - RelativeJump 0x81AEEE64-->81AEEE23 [ntkrnlpa.exe]
        ntkrnlpa.exe+0x000B8EF8, Type: Inline - RelativeJump 0x81AEEEF8-->81AEEEE1 [ntkrnlpa.exe]
        ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x81CCA368-->8F5A4BB2 [aswSP.SYS]
        ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x81C7E442-->8F5A1FFA [aswSP.SYS]
        ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x81C15A2A-->8F5A05D4 [aswSP.SYS]
        [1332]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
        [1332]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
        [1332]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
        [1332]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
        [1680]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [1680]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [1680]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [1680]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [1680]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [1680]explorer.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [1680]explorer.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [1728]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [1728]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [1728]dwm.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [1728]dwm.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [1728]dwm.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [1728]dwm.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [1728]dwm.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [1816]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x77796E2D-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [2280]SynTPHelper.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [2448]HpqToaster.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [2680]oasrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2680]oasrv.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x776D61ED-->00000000 [unknown_code_page]
        [2680]oasrv.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x776E95FB-->00000000 [unknown_code_page]
        [2768]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [2768]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [2768]firefox.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [2768]firefox.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [2768]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2768]firefox.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [2768]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77AD7933-->00000000 [firefox.exe]
        [2768]firefox.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [2948]SynTPEnh.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [2996]hkcmd.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3020]igfxpers.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3044]MSASCui.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3068]HPWAMain.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3092]AvastUI.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3168]sidebar.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3220]oahlp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3220]oahlp.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x776D61ED-->00000000 [unknown_code_page]
        [3220]oahlp.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x776E95FB-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3244]SSScheduler.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3260]oaui.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3260]oaui.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x776D61ED-->00000000 [unknown_code_page]
        [3260]oaui.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x776E95FB-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3784]WiFiMsg.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3816]ctfmon.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [3924]igfxsrvc.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]
        [752]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x778D6C71-->00000000 [unknown_code_page]
        [752]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x778938FF-->00000000 [unknown_code_page]
        [752]taskeng.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
        [752]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x77771C01-->00000000 [unknown_code_page]
        [752]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x777930C3-->00000000 [unknown_code_page]
        [752]taskeng.exe-->ntdll.dll-->LdrGetProcedureAddressEx, Type: Inline - DirectJump 0x77AF4CB8-->00000000 [unknown_code_page]
        [752]taskeng.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7771B763-->00000000 [unknown_code_page]


        !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
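The listing above shows the same inline jump, on the same API, at the same source address, in almost every process on the machine. As an added example (not code from the thread or from the scanning tool), here is a small Python triage script for lines in that format: it parses each entry, groups identical hooks, and separates hooks present across most processes (one injector touched everything, which security software such as an antivirus or HIPS does routinely, so identify that component before assuming malware) from hooks confined to a few processes. The sample lines are a subset copied from the log above, and the function names and the three-process threshold are choices made for this example.

```python
"""Triage of user-mode hook listings like the one pasted above.

Added example, not code from the thread or from the scanning tool.  It parses
lines of the form
    [pid]process-->module-->function, Type: <type> 0xSRC-->DST [owner]
and groups identical hooks so a reviewer can see which hooks are present in
(nearly) every process and which are confined to a few.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\s*\[(?P<pid>\d+)\](?P<process>.+?)-->(?P<module>.+?)-->(?P<function>.+?),"
    r"\s*Type:\s*(?P<type>.+?)\s+0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+)"
    r"\s*\[(?P<owner>[^\]]+)\]\s*$"
)

# Subset of lines copied verbatim from the log in the thread, plus one
# constructed non-hook line to show that unrelated text is skipped.
SAMPLE_LOG = """\
[3044]MSASCui.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
[3068]HPWAMain.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
[3092]AvastUI.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x77771C36-->00000000 [unknown_code_page]
[3220]oahlp.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x776D61ED-->00000000 [unknown_code_page]
[3260]oaui.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x776D61ED-->00000000 [unknown_code_page]
this line is not a hook entry and is skipped
"""


def parse_hook_line(line):
    """Return a dict for one hook line, or None if the line is not a hook entry."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    hook["src"] = int(hook["src"], 16)   # address of the patched instruction
    hook["dst"] = int(hook["dst"], 16)   # jump target; 0 means the tool could not resolve it
    return hook


def parse_log(text):
    """Parse every line of a pasted log, dropping lines that are not hook entries."""
    return [h for h in map(parse_hook_line, text.splitlines()) if h]


def group_hooks(hooks):
    """Map one hook signature to the sorted list of processes it was seen in.

    Two entries are the same hook only if module, function, hook type, source
    address, target address and owner all match.
    """
    groups = defaultdict(set)
    for h in hooks:
        key = (h["module"], h["function"], h["type"], h["src"], h["dst"], h["owner"])
        groups[key].add(h["process"])
    return {k: sorted(v) for k, v in groups.items()}


def classify(groups, min_processes=3):
    """Sort hook signatures into triage buckets (the threshold is this example's choice).

    system_wide: same hook in at least min_processes processes; a single
                 injector touched everything, so identify that component first.
    limited:     present in fewer processes; worth a closer look per process.
    unresolved:  target address is 0 or owner is unknown_code_page, i.e. the
                 tool could not attribute the jump target to a loaded module.
    """
    out = {"system_wide": [], "limited": [], "unresolved": []}
    for (module, function, _typ, _src, dst, owner), procs in groups.items():
        name = f"{module}!{function}"
        bucket = "system_wide" if len(procs) >= min_processes else "limited"
        out[bucket].append(name)
        if dst == 0 or owner == "unknown_code_page":
            out["unresolved"].append(name)
    return {k: sorted(v) for k, v in out.items()}


def hooks_per_process(hooks):
    """Count hook entries per process name; an outlier count is a quick lead."""
    counts = defaultdict(int)
    for h in hooks:
        counts[h["process"]] += 1
    return dict(counts)


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for bucket, names in classify(group_hooks(hooks)).items():
        print(f"{bucket:12s} {', '.join(names) or '-'}")
    print(hooks_per_process(hooks))
```

Run against the full listing, the CreateProcess/CreateService/LoadLibraryExW/ExitWindowsEx set lands in the system-wide bucket and the LoadString hooks in the limited bucket (only the two Online Armor processes carry them); the next step is to attribute the jump targets to a module, which the tool could not do here, before treating any of them as malicious.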

        SuperDave

        • Malware Removal Specialist
        • Moderator


        Re: Malware Intruders?
        « Reply #5 on: October 20, 2010, 04:50:23 PM »
        I need to run another scan for rootkits just to be sure.

        SysProt Antirootkit

        Download
        SysProt Antirootkit from the link below (you will find it at the bottom
        of the page under attachments, or you can get it from one of the
        mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's

        theaftermath06

          Topic Starter


          Re: Malware Intruders?
          « Reply #6 on: October 20, 2010, 07:05:38 PM »
          Hello SuperDave,

          Ok, first of all, when I started this app and selected log, a new popup told me that I needed Admin privileges to do this even though I do have those permissions.  When this popped up, the blue progress bar at the bottom of the main window was going crazy back and forth.  Then when I clicked on create log it did the same thing again.  Here is the log:

          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          No Hidden Kernel Modules found

          ******************************************************************************************
          ******************************************************************************************
          No SSDT Hooks found

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          No hidden files/folders found

          SuperDave

          • Malware Removal Specialist
          • Moderator


          Re: Malware Intruders?
          « Reply #7 on: October 21, 2010, 01:40:31 PM »
          Ok. How's your computer working now?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


          theaftermath06

            Topic Starter


            Re: Malware Intruders?
            « Reply #8 on: October 23, 2010, 05:00:34 PM »
            Hi SuperDave, ok the laptop is running better and now I think we are good.  ESET found 7 more listed below that Avast, Malwarebytes, and SuperAntiSpyware did not.  I really like that ESET online scanner.  Here is a paste of the log from that.


            C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe   probably a variant of Win32/Agent.HZHBURL trojan   cleaned by deleting - quarantined
            C:\Users\PT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2478564f-3f231c12   Java/TrojanDownloader.Agent.NBU trojan   deleted - quarantined


            *  Please let me know what you think.  I do appreciate all of your patience and help again!  Now I need help with my desktop.  I have certainly learned that we (wife and I) have to be a lot more careful when being active online.  I thought we were better protected but I guess nothing is perfect when the users are not that bright ; ))

            Thanks again SuperDave!  If I can ever do anything for you or Major Geeks just let me know.  Off to the desktop now... geesh

            SuperDave

            • Malware Removal Specialist
            • Moderator


            Re: Malware Intruders?
            « Reply #9 on: October 23, 2010, 06:29:34 PM »
            Well, that's good news. Let's do some cleanup.

            * Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
            * Now type commy /uninstall in the runbox
            * Make sure there's a space between commy and /Uninstall
            * Then hit Enter

            * The above procedure will:
            * Delete the following:
            * ComboFix and its associated files and folders.
            * Reset the clock settings.
            * Hide file extensions, if required.
            * Hide System/Hidden files, if required.
            * Set a new, clean Restore Point.

            *****************************
            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

            *********************************
            Use the Secunia Software Inspector to check for out of date software.

            •Click Start Now

            •Check the box next to Enable thorough system inspection.

            •Click Start

            •Allow the scan to finish and scroll down to see if any updates are needed.
            •Update anything listed.
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!