
Author Topic: combofix report help  (Read 15430 times)


robert1

    combofix report help
    « on: January 10, 2012, 10:17:02 AM »
    ComboFix 12-01-09.07 - pc 01/10/2012   3:54.1.1 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1791.1271 [GMT 0:00]
    Running from: c:\users\pc\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\sys32
    c:\programdata\sys32\Screenshot0.jpeg
    c:\windows\alcrmv.exe
    c:\windows\system32\spsys.log
    .
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-12-10 to 2012-01-10  )))))))))))))))))))))))))))))))
    .
    .
    2012-01-07 21:38 . 2012-01-07 21:38   --------   d-----w-   c:\program files\Windows Portable Devices
    2012-01-07 21:32 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
    2012-01-07 21:32 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
    2012-01-07 21:32 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
    2012-01-07 21:31 . 2009-09-25 01:33   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
    2012-01-07 21:31 . 2009-09-25 02:07   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
    2012-01-07 21:31 . 2009-09-25 02:10   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
    2012-01-07 21:31 . 2009-09-25 02:04   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
    2012-01-07 21:31 . 2009-09-25 01:33   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
    2012-01-07 21:31 . 2009-09-25 01:32   252928   ----a-w-   c:\windows\system32\dxdiag.exe
    2012-01-07 21:31 . 2009-09-25 01:31   519680   ----a-w-   c:\windows\system32\d3d11.dll
    2012-01-07 21:30 . 2009-10-01 01:02   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
    2012-01-07 21:30 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
    2012-01-07 21:30 . 2009-10-01 01:01   81920   ----a-w-   c:\windows\system32\wpdbusenum.dll
    2012-01-07 21:30 . 2009-10-01 01:01   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
    2012-01-07 21:30 . 2009-10-01 01:02   2537472   ----a-w-   c:\windows\system32\wpdshext.dll
    2012-01-07 21:30 . 2009-10-01 01:02   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
    2012-01-07 21:30 . 2009-10-01 01:02   87552   ----a-w-   c:\windows\system32\WPDShServiceObj.dll
    2012-01-07 21:30 . 2009-10-01 01:01   546816   ----a-w-   c:\windows\system32\wpd_ci.dll
    2012-01-07 21:30 . 2009-10-01 01:01   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
    2012-01-07 21:30 . 2009-10-01 01:01   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
    2012-01-07 21:30 . 2009-10-01 01:01   350208   ----a-w-   c:\windows\system32\WPDSp.dll
    2012-01-07 21:30 . 2009-10-01 01:01   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
    2012-01-07 21:05 . 2010-01-25 12:00   471552   ----a-w-   c:\windows\system32\secproc_isv.dll
    2012-01-07 21:05 . 2010-01-25 12:00   471552   ----a-w-   c:\windows\system32\secproc.dll
    2012-01-07 21:05 . 2010-01-25 08:21   526336   ----a-w-   c:\windows\system32\RMActivate_isv.exe
    2012-01-07 21:05 . 2010-01-25 12:00   152576   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
    2012-01-07 21:05 . 2010-01-25 12:00   152064   ----a-w-   c:\windows\system32\secproc_ssp.dll
    2012-01-07 21:05 . 2010-01-25 08:21   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
    2012-01-07 21:05 . 2010-01-25 08:21   518144   ----a-w-   c:\windows\system32\RMActivate.exe
    2012-01-07 21:05 . 2010-01-25 08:21   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
    2012-01-07 21:05 . 2010-01-25 11:58   332288   ----a-w-   c:\windows\system32\msdrm.dll
    2012-01-07 21:05 . 2011-08-13 04:43   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
    2012-01-07 21:04 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
    2012-01-07 21:04 . 2010-08-26 16:33   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
    2012-01-07 21:04 . 2010-08-26 14:23   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
    2012-01-07 01:09 . 2012-01-07 01:09   --------   d-----w-   C:\$AVG
    2012-01-07 01:09 . 2012-01-10 02:26   --------   d-----w-   c:\program files\rkfree
    2012-01-07 01:09 . 2012-01-07 01:09   --------   d---a-w-   c:\programdata\rkfree
    2012-01-07 01:06 . 2012-01-07 01:09   --------   d-----w-   c:\users\pc\AppData\Roaming\GetRightToGo
    2012-01-04 23:42 . 2012-01-04 23:43   --------   d--h--w-   c:\program files\Temp
    2012-01-03 12:34 . 2009-10-07 12:01   112128   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
    2012-01-03 12:34 . 2009-10-07 12:01   102912   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
    2012-01-03 12:34 . 2009-10-07 12:01   101248   ----a-w-   c:\windows\system32\drivers\ewusbdev.sys
    2012-01-03 12:34 . 2009-08-25 17:03   621056   ----a-w-   c:\windows\system32\drivers\mod7700.sys
    2012-01-03 12:34 . 2009-08-25 17:03   23424   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
    2012-01-03 12:34 . 2009-08-25 17:03   103680   ----a-w-   c:\windows\system32\drivers\ewusbfake.sys
    2012-01-02 21:13 . 2012-01-02 21:17   --------   d-----w-   c:\users\pc\AppData\Roaming\AVG
    2012-01-01 22:07 . 2012-01-01 22:07   --------   d-----w-   c:\users\pc\AppData\Roaming\PeerNetworking
    2012-01-01 07:38 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
    2012-01-01 07:37 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
    2012-01-01 07:36 . 2011-11-23 13:37   2043904   ----a-w-   c:\windows\system32\win32k.sys
    2012-01-01 07:36 . 2010-05-04 19:13   231424   ----a-w-   c:\windows\system32\msshsq.dll
    2012-01-01 07:36 . 2011-06-17 16:03   375808   ----a-w-   c:\windows\system32\winsrv.dll
    2012-01-01 07:36 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
    2012-01-01 07:33 . 2011-08-25 16:15   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
    2012-01-01 07:33 . 2011-08-25 16:14   238080   ----a-w-   c:\windows\system32\oleacc.dll
    2012-01-01 07:33 . 2011-08-25 13:31   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
    2012-01-01 07:33 . 2011-08-25 16:14   563712   ----a-w-   c:\windows\system32\oleaut32.dll
    2012-01-01 07:33 . 2011-04-21 13:55   508416   ----a-w-   c:\windows\system32\drivers\bthport.sys
    2012-01-01 07:33 . 2009-06-17 13:23   30208   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
    2012-01-01 07:33 . 2011-09-20 21:02   913280   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2012-01-01 07:33 . 2011-09-20 13:44   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
    2012-01-01 07:33 . 2011-07-29 16:01   293376   ----a-w-   c:\windows\system32\psisdecd.dll
    2012-01-01 07:33 . 2011-07-29 16:01   217088   ----a-w-   c:\windows\system32\psisrndr.ax
    2012-01-01 07:33 . 2011-07-29 16:00   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
    2012-01-01 07:33 . 2011-07-29 16:00   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
    2012-01-01 07:32 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2012-01-01 07:32 . 2011-10-27 08:01   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2011-12-29 07:46 . 2012-01-10 02:45   --------   d-----w-   c:\windows\system32\drivers\AVG
    2011-12-29 07:46 . 2011-12-29 07:56   --------   d-----w-   c:\programdata\AVG2012
    2011-12-29 07:42 . 2012-01-02 21:19   --------   d-----w-   c:\program files\AVG
    2011-12-22 19:12 . 2012-01-04 20:59   --------   d-----w-   c:\users\pc\AppData\Local\Conduit
    2011-12-22 11:31 . 2012-01-04 18:15   --------   d-----w-   c:\users\pc\AppData\Roaming\QuickScan
    2011-12-22 06:58 . 2011-12-22 06:58   --------   d-----w-   c:\users\pc\AppData\Roaming\CheckPoint
    2011-12-22 06:55 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
    2011-12-22 06:47 . 2012-01-04 21:02   --------   d-----w-   c:\program files\CheckPoint
    2011-12-22 06:43 . 2004-10-15 18:32   83096   ----a-w-   c:\windows\system32\SSSensor.dll
    2011-12-22 06:42 . 2011-12-22 06:42   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
    2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\ca-ES
    2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\eu-ES
    2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\vi-VN
    2011-12-22 05:51 . 2011-12-22 05:51   --------   d-----w-   c:\windows\system32\EventProviders
    2011-12-22 05:48 . 2009-04-11 06:28   978432   ----a-w-   c:\windows\system32\drmv2clt.dll
    2011-12-22 05:47 . 2009-04-11 06:28   1382912   ----a-w-   c:\windows\system32\WMVSDECD.DLL
    2011-12-22 05:46 . 2009-04-11 06:28   19968   ----a-w-   c:\windows\system32\winrnr.dll
    2011-12-22 05:12 . 2012-01-01 06:17   --------   d-----w-   c:\users\pc\AppData\Local\ElevatedDiagnostics
    2011-12-21 21:59 . 2011-12-21 21:59   107336   ----a-w-   c:\windows\system32\drivers\bknqRDNT.sys
    2011-12-21 21:31 . 2011-12-21 21:31   --------   d-----w-   c:\users\pc\AppData\Roaming\DriverCure
    2011-12-21 21:31 . 2011-12-21 21:31   --------   d-----w-   c:\users\pc\AppData\Roaming\SpeedyPC Software
    2011-12-21 15:10 . 2012-01-10 00:17   --------   d-----w-   c:\users\pc\AppData\Local\Mozilla Firefox
    2011-12-20 21:41 . 2011-12-20 21:41   --------   d-----w-   c:\users\pc\AppData\Roaming\Online Games Downloader
    2011-12-20 21:41 . 2011-12-20 21:41   --------   d-----w-   c:\program files\Online Games Downloader
    2011-12-20 21:26 . 2011-12-20 21:26   79836   ----a-w-   c:\windows\system32\fruninst.exe
    2011-12-20 21:14 . 2011-12-20 21:14   --------   d-----w-   c:\users\pc\AppData\Local\Adobe
    2011-12-20 14:14 . 2011-11-30 02:21   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD68BD2A-A663-4359-9A53-F61822A1456F}\mpengine.dll
    2011-12-20 14:12 . 2011-04-29 13:25   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
    2011-12-20 14:12 . 2011-04-29 13:25   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
    2011-12-20 14:08 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
    2011-12-20 14:08 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
    2011-12-20 14:08 . 2011-07-06 15:31   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
    2011-12-20 14:08 . 2011-04-29 13:24   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
    2011-12-20 14:08 . 2011-04-29 13:24   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
    2011-12-20 14:08 . 2011-05-02 17:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-12-20 14:07 . 2011-04-30 06:09   758784   ----a-w-   c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
    2011-12-20 14:07 . 2011-04-29 15:59   276992   ----a-w-   c:\windows\system32\schannel.dll
    2011-12-18 16:02 . 2011-12-18 16:02   --------   d-----w-   c:\users\pc\AppData\Local\Microsoft Games
    2011-12-17 16:05 . 2011-12-30 23:11   --------   d-----w-   c:\users\pc\AppData\Roaming\dvdcss
    2011-12-17 16:05 . 2011-12-18 18:26   --------   d-----w-   c:\users\pc\AppData\Roaming\vlc
    2011-12-17 15:36 . 2011-12-17 15:36   --------   d-----w-   c:\program files\Common Files\Steam
    2011-12-17 15:34 . 2007-07-19 18:14   444776   ----a-w-   c:\windows\system32\d3dx10_35.dll
    2011-12-17 12:18 . 2011-12-17 12:18   --------   d-----w-   c:\programdata\Systweak
    2011-12-16 22:21 . 2011-12-29 19:25   1816   ----a-w-   c:\windows\system32\ASOROSet.bin
    2011-12-16 22:21 . 2010-04-19 17:15   15080   ----a-w-   c:\windows\system32\ROBoot.exe
    2011-12-16 22:14 . 2011-12-16 22:14   --------   d-----w-   c:\windows\Repair
    2011-12-16 22:14 . 2011-12-16 22:14   --------   d-----w-   c:\users\pc\AppData\Roaming\Systweak
    2011-12-16 22:13 . 2010-01-30 15:00   17136   ----a-w-   c:\windows\system32\sasnative32.exe
    2011-12-16 22:13 . 2011-12-16 22:17   --------   d-----w-   c:\program files\Advanced System Optimizer 3
    2011-12-16 22:10 . 2012-01-04 19:03   --------   d-----w-   c:\users\pc\AppData\Roaming\uTorrent
    2011-12-16 22:10 . 2011-12-16 22:10   --------   d-----w-   c:\users\pc\AppData\Local\uTorrent
    2011-12-16 20:47 . 2011-12-16 20:47   --------   d-----w-   c:\program files\VideoLAN
    2011-12-16 20:37 . 2011-12-16 20:37   --------   d-----w-   c:\users\pc\AppData\Roaming\Malwarebytes
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-04 23:42 . 2011-04-26 13:15   319456   ----a-w-   c:\windows\DIFxAPI.dll
    2011-12-10 15:24 . 2011-07-03 17:34   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-15 14:29 . 2011-04-27 10:05   222080   ------w-   c:\windows\system32\MpSigStub.exe
    2011-11-05 06:53 . 2011-12-16 20:54   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
    2010-11-12 17:32   1368480   ----a-w-   c:\program files\Online Games Downloader\SWFCatcher.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-05-21 2605192]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-05-21 362392]
    "SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2548725397-2496849373-359535291-1001]
    "EnableNotificationsRef"=dword:00000003
    .
    R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [2010-01-30 6656]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs   REG_MULTI_SZ      BthServ
    WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
    LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    LSP: c:\program files\Flash Recorder\mfnsp32.dll
    TCP: Interfaces\{6623CB66-7996-4B51-9686-52F1C8139E98}: NameServer = 82.132.254.3 82.132.254.2
    FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lso94mm2.default\
    .
    .
    ------- File Associations -------
    .
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
    AddRemove-HijackThis - c:\users\pc\AppData\Local\Temp\Rar$EX17.232\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-10 04:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\windows\system32\atiesrxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe
    c:\program files\AVG\AVG2012\avgwdsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\AVG\AVG2012\AVGIDSAgent.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\System32\wsqmcons.exe
    c:\windows\system32\schtasks.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-10  04:27:12 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-01-10 04:27
    .
    Pre-Run: 45,245,841,408 bytes free
    Post-Run: 45,890,932,736 bytes free
    .
    - - End Of File - - AA547D0ADCC02390594B516D02A90B4C

    SuperDave

    • Malware Removal Specialist


    Re: combofix report help
    « Reply #1 on: January 10, 2012, 12:25:23 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    ComboFix is a very powerful tool and should not be used without the supervision of a malware removal expert.
    What sort of problems are you experiencing on your computer?


    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked.

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    ****************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *****************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

    robert1

      Re: combofix report help
      « Reply #2 on: January 10, 2012, 08:55:35 PM »
      Sorry for taking so long to answer. But my internet stopped working, but the dongle was connected fine.

      Here is Malwarebytes scan

      Malwarebytes Anti-Malware (PRO) 1.60.0.1800
      www.malwarebytes.org

      Database version: v2012.01.10.01

      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 8.0.6001.19048
      pc :: RAPER [administrator]

      Protection: Enabled

      1/10/2012 8:00:58 PM
      mbam-log-2012-01-10 (20-00-58).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 246819
      Time elapsed: 3 hour(s), 4 minute(s), 56 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 2
      C:\$RECYCLE.BIN\S-1-5-21-2548725397-2496849373-359535291-1001\$RTQG64R\rkfree.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
      C:\Users\pc\Documents\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.

      (end)

      robert1

        Re: combofix report help
        « Reply #3 on: January 11, 2012, 07:08:30 AM »
        DDS (Ver_2011-08-26.01) - NTFSx86
        Internet Explorer: 8.0.6001.19048
        Run by pc at 14:01:48 on 2012-01-11
        Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1791.940 [GMT 0:00]
        .
        AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
        AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
        SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
        SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        ============== Running Processes ===============
        .
        C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
        C:\Program Files\AVG\AVG2012\avgcsrvx.exe
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k rpcss
        c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\system32\Ati2evxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k GPSvcGroup
        C:\Windows\system32\SLsvc.exe
        C:\Windows\system32\Ati2evxx.exe
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
        C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
        C:\Windows\SOUNDMAN.EXE
        C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
        C:\Program Files\AVG\AVG2012\avgtray.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
        C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
        C:\Program Files\AVG\AVG2012\avgwdsvc.exe
        C:\Program Files\Microsoft Security Client\msseces.exe
        C:\Windows\system32\svchost.exe -k bthsvcs
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
        C:\Windows\system32\WUDFHost.exe
        C:\Program Files\AVG\AVG2012\avgnsx.exe
        C:\Program Files\AVG\AVG2012\avgemcx.exe
        c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Windows\system32\taskeng.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Windows\system32\wuauclt.exe
        C:\Users\pc\AppData\Local\MOZILL~1\firefox.exe
        C:\Users\pc\AppData\Local\MOZILL~1\plugin-container.exe
        C:\Windows\system32\conime.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
        BHO: Flash Catcher: {3af255c7-8742-4b96-8971-1268eee04974} - c:\program files\online games downloader\SWFCatcher.dll
        BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
        mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
        mRun: [SoundMan] SOUNDMAN.EXE
        mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
        mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
        mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
        mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
        uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
        mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
        mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: EnableLUA = 0 (0x0)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
        LSP: c:\program files\flash recorder\mfnsp32.dll
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
        TCP: Interfaces\{6623CB66-7996-4B51-9686-52F1C8139E98} : NameServer = 82.132.254.2 82.132.254.3
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\lso94mm2.default\
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\users\pc\appdata\roaming\mozilla\firefox\profiles\lso94mm2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
        R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
        R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
        R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
        R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
        R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
        R1 MpKsl6a52ccd2;MpKsl6a52ccd2;c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\MpKsl6a52ccd2.sys [2012-1-11 29904]
        R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2011-11-24 15096]
        R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
        R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2011-12-16 238824]
        R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
        R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
        R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
        R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-3 652872]
        R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
        R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
        R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-3 20464]
        R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
        R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
        R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
        S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-12-16 6656]
        S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-6-3 3695104]
        S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
        S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7168]
        S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-4-28 729728]
        S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2007-6-19 81832]
        S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2007-6-19 13864]
        S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2007-6-19 107304]
        S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2011-6-3 99112]
        S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2011-6-3 21928]
        S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2011-6-3 97320]
        S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2011-6-3 97704]
        .
        =============== File Associations ===============
        .
        JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
        .
        =============== Created Last 30 ================
        .
        2012-01-11 10:20:50   29904   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\MpKsl6a52ccd2.sys
        2012-01-11 10:19:45   56200   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\offreg.dll
        2012-01-11 04:36:38   703824   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{59d2d06f-8485-49fb-bb2c-e5f66b99e440}\gapaengine.dll
        2012-01-11 04:35:47   6823496   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\mpengine.dll
        2012-01-11 04:28:48   --------   d-----w-   c:\program files\Microsoft Security Client
        2012-01-10 13:22:35   --------   d-----w-   c:\program files\HeavenWard
        2012-01-10 12:34:15   118784   ----a-w-   c:\windows\system32\msstdfmt.dll
        2012-01-10 12:34:14   184320   ----a-w-   c:\windows\system32\wzcsvc.dll
        2012-01-10 12:34:13   244024   ----a-w-   c:\windows\system32\MSFLXGRD.OCX
        2012-01-10 12:34:13   140096   ----a-w-   c:\windows\system32\COMDLG32.OCX
        2012-01-10 12:34:13   132880   ----a-w-   c:\windows\system32\MSINET.OCX
        2012-01-10 12:34:12   570128   ----a-w-   c:\program files\common files\microsoft shared\dao\DAO350.DLL
        2012-01-10 12:34:12   3584   ----a-w-   c:\program files\common files\microsoft shared\dao\comcat.dll
        2012-01-10 12:34:12   1338880   ----a-w-   c:\program files\common files\microsoft shared\dao\shdocvw.dll
        2012-01-10 04:27:18   --------   d-----w-   c:\users\pc\appdata\local\temp
        2012-01-10 04:15:30   --------   d-sh--w-   C:\$RECYCLE.BIN
        2012-01-10 03:52:38   98816   ----a-w-   c:\windows\sed.exe
        2012-01-10 03:52:38   518144   ----a-w-   c:\windows\SWREG.exe
        2012-01-10 03:52:38   256000   ----a-w-   c:\windows\PEV.exe
        2012-01-10 03:52:38   208896   ----a-w-   c:\windows\MBR.exe
        2012-01-10 03:52:27   --------   d-----w-   C:\ComboFix
        2012-01-07 21:38:32   --------   d-----w-   c:\program files\Windows Portable Devices
        2012-01-07 21:32:11   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
        2012-01-07 21:32:09   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
        2012-01-07 21:32:09   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
        2012-01-07 21:31:19   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
        2012-01-07 21:31:14   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
        2012-01-07 21:31:13   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
        2012-01-07 21:31:13   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
        2012-01-07 21:31:13   252928   ----a-w-   c:\windows\system32\dxdiag.exe
        2012-01-07 21:31:13   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
        2012-01-07 21:31:12   519680   ----a-w-   c:\windows\system32\d3d11.dll
        2012-01-07 21:06:09   797184   ----a-w-   c:\windows\system32\FntCache.dll
        2012-01-07 21:05:43   471552   ----a-w-   c:\windows\system32\secproc_isv.dll
        2012-01-07 21:05:43   471552   ----a-w-   c:\windows\system32\secproc.dll
        2012-01-07 21:05:36   526336   ----a-w-   c:\windows\system32\RMActivate_isv.exe
        2012-01-07 21:05:35   518144   ----a-w-   c:\windows\system32\RMActivate.exe
        2012-01-07 21:05:35   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
        2012-01-07 21:05:35   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
        2012-01-07 21:05:35   152576   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
        2012-01-07 21:05:35   152064   ----a-w-   c:\windows\system32\secproc_ssp.dll
        2012-01-07 21:05:34   332288   ----a-w-   c:\windows\system32\msdrm.dll
        2012-01-07 21:05:32   6144   ----a-w-   c:\program files\internet explorer\iecompat.dll
        2012-01-07 21:04:51   1696256   ----a-w-   c:\windows\system32\gameux.dll
        2012-01-07 21:04:47   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
        2012-01-07 21:04:47   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
        2012-01-07 01:09:51   --------   d-----w-   C:\$AVG
        2012-01-07 01:09:35   --------   d---a-w-   c:\programdata\rkfree
        2012-01-07 01:06:33   --------   d-----w-   c:\users\pc\appdata\roaming\GetRightToGo
        2012-01-04 23:42:56   --------   d--h--w-   c:\program files\Temp
        2012-01-03 12:34:15   621056   ----a-w-   c:\windows\system32\drivers\mod7700.sys
        2012-01-03 12:34:15   23424   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
        2012-01-03 12:34:15   112128   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
        2012-01-03 12:34:15   103680   ----a-w-   c:\windows\system32\drivers\ewusbfake.sys
        2012-01-03 12:34:15   102912   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
        2012-01-03 12:34:15   101248   ----a-w-   c:\windows\system32\drivers\ewusbdev.sys
        2012-01-02 21:13:09   --------   d-----w-   c:\users\pc\appdata\roaming\AVG
        2012-01-01 22:07:34   --------   d-----w-   c:\users\pc\appdata\roaming\PeerNetworking
        2012-01-01 07:38:04   707584   ----a-w-   c:\program files\common files\system\wab32.dll
        2012-01-01 07:37:36   49152   ----a-w-   c:\windows\system32\csrsrv.dll
        2012-01-01 07:36:54   2043904   ----a-w-   c:\windows\system32\win32k.sys
        2012-01-01 07:36:49   231424   ----a-w-   c:\windows\system32\msshsq.dll
        2012-01-01 07:36:37   375808   ----a-w-   c:\windows\system32\winsrv.dll
        2012-01-01 07:36:32   429056   ----a-w-   c:\windows\system32\EncDec.dll
        2012-01-01 07:33:59   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
        2012-01-01 07:33:59   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
        2012-01-01 07:33:59   238080   ----a-w-   c:\windows\system32\oleacc.dll
        2012-01-01 07:33:58   563712   ----a-w-   c:\windows\system32\oleaut32.dll
        2012-01-01 07:33:32   508416   ----a-w-   c:\windows\system32\drivers\bthport.sys
        2012-01-01 07:33:32   30208   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
        2012-01-01 07:33:29   913280   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2012-01-01 07:33:28   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
        2012-01-01 07:33:25   293376   ----a-w-   c:\windows\system32\psisdecd.dll
        2012-01-01 07:33:25   217088   ----a-w-   c:\windows\system32\psisrndr.ax
        2012-01-01 07:33:24   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
        2012-01-01 07:33:24   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
        2012-01-01 07:32:32   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
        2012-01-01 07:32:32   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
        2011-12-29 07:49:06   --------   d-----w-   c:\users\pc\appdata\roaming\AVG2012
        2011-12-29 07:46:00   --------   d-----w-   c:\windows\system32\drivers\AVG
        2011-12-29 07:46:00   --------   d-----w-   c:\programdata\AVG2012
        2011-12-29 07:42:58   --------   d-----w-   c:\program files\AVG
        2011-12-22 19:12:55   --------   d-----w-   c:\users\pc\appdata\local\Conduit
        2011-12-22 11:31:58   --------   d-----w-   c:\users\pc\appdata\roaming\QuickScan
        2011-12-22 06:58:54   --------   d-----w-   c:\users\pc\appdata\roaming\CheckPoint
        2011-12-22 06:55:20   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
        2011-12-22 06:47:21   --------   d-----w-   c:\program files\CheckPoint
        2011-12-22 06:43:10   83096   ----a-w-   c:\windows\system32\SSSensor.dll
        2011-12-22 06:42:03   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
        2011-12-22 06:12:15   --------   d-----w-   c:\windows\system32\eu-ES
        2011-12-22 06:12:15   --------   d-----w-   c:\windows\system32\ca-ES
        2011-12-22 06:12:14   --------   d-----w-   c:\windows\system32\vi-VN
        2011-12-22 05:51:11   --------   d-----w-   c:\windows\system32\EventProviders
        2011-12-22 05:48:59   978432   ----a-w-   c:\windows\system32\drmv2clt.dll
        2011-12-22 05:47:59   1382912   ----a-w-   c:\windows\system32\WMVSDECD.DLL
        2011-12-22 05:46:59   76288   ----a-w-   c:\windows\system32\drivers\dxg.sys
        2011-12-22 05:12:08   --------   d-----w-   c:\users\pc\appdata\local\ElevatedDiagnostics
        2011-12-21 21:59:16   107336   ----a-w-   c:\windows\system32\drivers\bknqRDNT.sys
        2011-12-21 21:31:47   --------   d-----w-   c:\users\pc\appdata\roaming\DriverCure
        2011-12-21 21:31:45   --------   d-----w-   c:\users\pc\appdata\roaming\SpeedyPC Software
        2011-12-21 15:10:06   --------   d-----w-   c:\users\pc\appdata\local\Mozilla Firefox
        2011-12-20 21:41:07   --------   d-----w-   c:\users\pc\appdata\roaming\Online Games Downloader
        2011-12-20 21:41:06   --------   d-----w-   c:\program files\Online Games Downloader
        2011-12-20 21:26:48   79836   ----a-w-   c:\windows\system32\fruninst.exe
        2011-12-20 21:14:56   --------   d-----w-   c:\users\pc\appdata\local\Adobe
        2011-12-20 14:14:37   6823496   ------w-   c:\programdata\microsoft\windows defender\definition updates\{bd68bd2a-a663-4359-9a53-f61822a1456f}\mpengine.dll
        2011-12-20 14:12:43   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
        2011-12-20 14:12:43   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
        2011-12-20 14:08:53   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
        2011-12-20 14:08:49   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
        2011-12-20 14:08:34   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
        2011-12-20 14:08:34   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
        2011-12-20 14:08:34   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-12-20 14:08:30   739328   ----a-w-   c:\windows\system32\inetcomm.dll
        2011-12-20 14:07:41   758784   ----a-w-   c:\program files\common files\microsoft shared\vgx\VGX.dll
        2011-12-20 14:07:24   276992   ----a-w-   c:\windows\system32\schannel.dll
        2011-12-18 16:02:09   --------   d-----w-   c:\users\pc\appdata\local\Microsoft Games
        2011-12-17 15:36:38   --------   d-----w-   c:\program files\common files\Steam
        2011-12-17 15:34:59   444776   ----a-w-   c:\windows\system32\d3dx10_35.dll
        2011-12-17 12:18:28   --------   d-----w-   c:\programdata\Systweak
        2011-12-16 22:21:13   1816   ----a-w-   c:\windows\system32\ASOROSet.bin
        2011-12-16 22:21:13   15080   ----a-w-   c:\windows\system32\ROBoot.exe
        2011-12-16 22:14:22   --------   d-----w-   c:\windows\Repair
        2011-12-16 22:14:21   --------   d-----w-   c:\users\pc\appdata\roaming\Systweak
        2011-12-16 22:13:59   17136   ----a-w-   c:\windows\system32\sasnative32.exe
        2011-12-16 22:13:47   --------   d-----w-   c:\program files\Advanced System Optimizer 3
        2011-12-16 22:10:12   --------   d-----w-   c:\users\pc\appdata\roaming\uTorrent
        2011-12-16 22:10:12   --------   d-----w-   c:\users\pc\appdata\local\uTorrent
        2011-12-16 20:47:56   --------   d-----w-   c:\program files\VideoLAN
        2011-12-16 20:37:38   --------   d-----w-   c:\users\pc\appdata\roaming\Malwarebytes
        .
        ==================== Find3M  ====================
        .
        2012-01-10 05:05:03   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2012-01-04 23:42:58   319456   ----a-w-   c:\windows\DIFxAPI.dll
        2011-12-10 15:24:06   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-11-24 01:58:12   15096   ----a-w-   c:\windows\system32\drivers\RemoveAny.sys
        .
        ============= FINISH: 14:04:11.99 ===============



        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft® Windows Vista™ Home Premium
        Boot Device: \Device\HarddiskVolume1
        Install Date: 4/26/2011 11:52:06 AM
        System Uptime: 1/11/2012 10:58:49 AM (4 hours ago)
        .
        Motherboard: PACKARD BELL BV |  |                     
        Processor: Intel(R) Celeron(R) D CPU 3.33GHz | CPU 1 | 3322/133mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 75 GiB total, 49.595 GiB free.
        D: is CDROM ()
        E: is FIXED (NTFS) - 37 GiB total, 11.294 GiB free.
        F: is Removable
        G: is Removable
        H: is Removable
        I: is Removable
        J: is CDROM (CDFS)
        K: is Removable
        L: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
        Description: Generic Bluetooth Radio
        Device ID: USB\VID_0A12&PID_0001\5&3AC7D04D&0&2
        Manufacturer: Cambridge Silicon Radio Ltd.
        Name: Generic Bluetooth Radio
        PNP Device ID: USB\VID_0A12&PID_0001\5&3AC7D04D&0&2
        Service: BTHUSB
        .
        ==== System Restore Points ===================
        .
        .
        ==== Installed Programs ======================
        .
        Acronis True Image Personal
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 11 Plugin
        Adobe Reader X (10.0.1)
        Advanced System Optimizer
        Age of Empires III
        AVG 2012
        Command & Conquer Red Alert 2
        DVD Flick 1.3.0.7
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Java Auto Updater
        Java(TM) 6 Update 24
        Malwarebytes Anti-Malware version 1.60.0.1800
        Microsoft .NET Framework 3.5 SP1
        Microsoft Antimalware
        Microsoft Security Client
        Microsoft Security Essentials
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Mozilla Firefox 8.0 (x86 en-US)
        Mozilla Firefox 9.0.1 (x86 en-US)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        O2 Connection Manager
        Online Games Downloader v2.0
        Realtek AC'97 Audio
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        VC 9.0 Runtime
        VirtualDJ Home FREE
        VLC media player 1.1.11
        Westwood Shared Internet Components
        WinRAR 4.01 (32-bit)
        ZTE_MF627_USB_MODEM_1.2059.0.4
        .
        ==== Event Viewer Messages From Past Week ========
        .
        1/9/2012 1:45:33 AM, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
        1/6/2012 4:09:57 PM, Error: EventLog [6008]  - The previous system shutdown at 4:04:14 PM on 1/6/2012 was unexpected.
        1/5/2012 6:26:14 PM, Error: Application Popup [1801]  - The hardware has reported an uncorrectable memory error.
        1/4/2012 4:40:46 PM, Error: EventLog [6008]  - The previous system shutdown at 12:52:06 AM on 1/4/2012 was unexpected.
        1/11/2012 4:30:41 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80248014     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
        1/11/2012 2:58:46 AM, Error: Service Control Manager [7000]  - The avast! Firewall service failed to start due to the following error:  The system cannot find the path specified.
        1/11/2012 2:47:31 AM, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk4\DR4.
        1/11/2012 2:37:38 AM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.     Signatures Attempted: Current     Error Code: 0x80092003     Error description: An error occurred while reading or writing to a file.      Signatures loading: Backup     Loading signature version: 1.107.834.0     Loading engine version: 1.1.7000.0
        1/11/2012 2:34:28 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswFW aswNdis aswNdis2 aswRdr aswSnx aswSP aswTdi
        1/11/2012 2:34:28 AM, Error: Service Control Manager [7001]  - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error:  The system cannot find the file specified.
        1/11/2012 2:34:28 AM, Error: Service Control Manager [7000]  - The aswMonFlt service failed to start due to the following error:  The system cannot find the file specified.
        1/11/2012 2:34:28 AM, Error: Service Control Manager [7000]  - The aswFsBlk service failed to start due to the following error:  The system cannot find the file specified.
        1/11/2012 12:21:42 AM, Error: volsnap [20]  - The shadow copies of volume C: were aborted because of a failed free space computation.
        1/11/2012 10:19:26 AM, Error: atikmdag [43038]  -
        1/11/2012 10:18:11 AM, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
        1/11/2012 1:53:22 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{6623CB66-7996-4B51-9686-52F1C8139E98} because another computer on the network has the same name.  The server could not start.
        1/11/2012 1:52:26 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
        1/11/2012 1:07:23 PM, Error: BTHUSB [5]  - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
        1/10/2012 4:19:53 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
        1/10/2012 4:12:02 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
        .
        ==== End Of File ===========================

        SuperDave

        • Malware Removal Specialist


        • Experience: Expert
        • OS: Windows 10
        Re: combofix report help
        « Reply #4 on: January 11, 2012, 12:28:08 PM »
        Quote: "But my internet stopped working"
        Is your internet connection working now?

        You have two anti-virus programs running on your computer: Microsoft Security Essentials and AVG Anti-Virus Free Edition. One will have to be disabled or uninstalled. Running more than one AV program on a computer can cause all sorts of problems. I would recommend removing AVG.


        SUPERAntiSpyware

        If you already have SUPERAntiSpyware be sure to check for updates before scanning!


        Download SuperAntispyware Free Edition (SAS)
        * Double-click the icon on your desktop to run the installer.
        * When asked to Update the program definitions, click Yes
        * If you encounter any problems while downloading the updates, manually download and unzip them from here
        * Next click the Preferences button.
        * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
        * Click the Scanning Control tab.
        * Under Scanner Options make sure only the following are checked:
          • Close browsers before scanning
          • Scan for tracking cookies
          • Terminate memory threats before quarantining
          Please leave the others unchecked
        * Click the Close button to leave the control center screen.

        * On the main screen click Scan your computer
        * On the left check the box for the drive you are scanning.
        * On the right choose Perform Complete Scan
        * Click Next to start the scan. Please be patient while it scans your computer.
        * After the scan is complete a summary box will appear. Click OK
        * Make sure everything in the white box has a check next to it, then click Next
        * It will quarantine what it found and if it asks if you want to reboot, click Yes

        To retrieve the removal information please do the following:
        * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        * Click Preferences. Click the Statistics/Logs tab.
        * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        * It will open in your default text editor (preferably Notepad).
        * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
        * Save the log somewhere you can easily find it. (normally the desktop)
        * Click close and close again to exit the program.
        * Copy and paste the log in your post.
        ***************************************************
        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2
        If you are using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Right-click combofix.exe and select Run as Administrator and follow the prompts.
        When finished, ComboFix will produce a log for you.
        Post the ComboFix log in your next reply.

        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
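        The two things SuperDave is reacting to (two real-time AV engines registered at once, and the mPolicies-system line showing EnableLUA = 0, i.e. UAC switched off, which the SUPERAntiSpyware log later confirms as "UAC Off") can be pulled out of a ComboFix report mechanically. The parser below is an example added by the editor; it is not part of ComboFix, DDS, or the original post. The sample lines are copied from the report above, and the mapping of service names to AV products is an assumption that covers only the products this particular log shows.

```python
"""Extract security-relevant facts from ComboFix/DDS "Pseudo HJT" and
SERVICES / DRIVERS lines.  Editor-added example, not ComboFix code."""
import re

# Constructed sample: lines copied verbatim from the ComboFix report in this thread.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
LSP: c:\program files\flash recorder\mfnsp32.dll
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-12-16 6656]
"""

# Assumption: service name -> real-time AV product.  Only the products present
# in this log are listed; extend it for other vendors.
AV_SERVICES = {
    "avgwd": "AVG Anti-Virus",
    "avgmfx86": "AVG Anti-Virus",
    "mpfilter": "Microsoft Security Essentials",
    "nissrv": "Microsoft Security Essentials",
}

# "R0 name;display;path [yyyy-m-d size]": R/S = running/stopped, digit = start type
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]\s*$")
# "mPolicies-system: EnableLUA = 0 (0x0)": u/m/d = HKCU / HKLM / default user hive
POLICY_RE = re.compile(r"^([umd])Policies-(\w+):\s+(\w+)\s*=\s*(\d+)")
LSP_RE = re.compile(r"^LSP:\s+(.+?)\s*$")


def parse(log_text):
    """Return (services, policies, lsps) parsed from the report text."""
    services, policies, lsps = [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path, date, size = m.groups()
            services.append({
                "state": state, "name": name, "display": display,
                "path": path.lower(), "date": date, "size": int(size),
                "running": state.startswith("R"),
                "kernel": path.lower().endswith(".sys"),
            })
            continue
        m = POLICY_RE.match(line)
        if m:
            scope, hive, key, value = m.groups()
            policies[(scope, hive, key)] = int(value)
            continue
        m = LSP_RE.match(line)
        if m:
            lsps.append(m.group(1).lower())
    return services, policies, lsps


def analyze(log_text):
    """Turn parsed lines into the findings a malware-removal helper looks for."""
    services, policies, lsps = parse(log_text)
    f = {}
    # HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = 0
    # disables UAC outright; ConsentPromptBehaviorAdmin is then irrelevant.
    f["uac_disabled"] = policies.get(("m", "system", "EnableLUA")) == 0
    # A Winsock LSP sits in the data path of every socket; note any outside %SystemRoot%.
    f["third_party_lsps"] = [p for p in lsps if not p.startswith(r"c:\windows")]
    # Distinct real-time AV engines whose services are actually running.
    f["av_products"] = sorted({AV_SERVICES[s["name"].lower()] for s in services
                               if s["running"] and s["name"].lower() in AV_SERVICES})
    f["multiple_av"] = len(f["av_products"]) > 1
    # Kernel drivers loaded from outside system32\drivers: not malicious as such,
    # but they are the entries worth checking against the installed-programs list.
    f["drivers_outside_system32"] = [
        s["name"] for s in services
        if s["kernel"] and not s["path"].startswith(r"c:\windows\system32\drivers")]
    return f


def report(log_text):
    """Human-readable one-liners, one per finding."""
    f, lines = analyze(log_text), []
    if f["uac_disabled"]:
        lines.append("UAC is off (EnableLUA = 0): an admin user's processes run fully elevated")
    for p in f["third_party_lsps"]:
        lines.append("third-party Winsock LSP: " + p)
    if f["multiple_av"]:
        lines.append("more than one real-time AV engine: " + ", ".join(f["av_products"]))
    for n in f["drivers_outside_system32"]:
        lines.append("kernel driver outside system32\\drivers: " + n)
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print("-", line)
```

        Feed it a whole ComboFix or DDS log and it ignores everything it does not recognise. Keep in mind that ComboFix only lists what its own heuristics selected, so an entry missing from the report says nothing about the machine; the parser is a reading aid for the log, not a scanner.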

        robert1

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: combofix report help
          « Reply #5 on: January 11, 2012, 04:27:40 PM »
          The internet started to work again. I found 3 programs in AVG on the allow list and removed them; now it works. I can only remember one of them, it was called IEXPLORER.EXE




          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 01/11/2012 at 11:18 PM

          Application Version : 5.0.1142

          Core Rules Database Version : 8124
          Trace Rules Database Version: 5936

          Scan type       : Complete Scan
          Total Scan Time : 00:38:22

          Operating System Information
          Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
          UAC Off - Administrator

          Memory items scanned      : 531
          Memory threats detected   : 0
          Registry items scanned    : 35216
          Registry threats detected : 0
          File items scanned        : 25970
          File threats detected     : 2

          Adware.Tracking Cookie
             C:\Users\pc\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /avgtechnologies.112.2o7 ]
             cloud.video.unrulymedia.com [ C:\USERS\PC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5DKY9V5J ]

          robert1

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: combofix report help
            « Reply #6 on: January 11, 2012, 04:38:13 PM »

            I will run ComboFix tomorrow morning.

            robert1

              Re: combofix report help
              « Reply #7 on: January 12, 2012, 01:10:02 PM »
              ComboFix 12-01-12.04 - pc 01/12/2012  19:43:38.2.1 - x86
              Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1791.1228 [GMT 0:00]
              Running from: c:\users\pc\Desktop\ComboFix.exe
              AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
              SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
              SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\users\pc\AppData\Roaming\Microsoft\Windows\Recent\hacker9.URL
              c:\windows\system32\roboot.exe
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-12-12 to 2012-01-12  )))))))))))))))))))))))))))))))
              .
              .
              2012-01-12 19:56 . 2012-01-12 19:57   --------   d-----w-   c:\users\pc\AppData\Local\temp
              2012-01-12 19:56 . 2012-01-12 19:56   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2012-01-12 12:08 . 2012-01-12 12:08   29904   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\MpKslf7208f11.sys
              2012-01-12 12:08 . 2012-01-12 12:08   56200   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\offreg.dll
              2012-01-12 00:19 . 2011-11-30 02:21   6823496   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\mpengine.dll
              2012-01-11 22:37 . 2012-01-11 22:37   --------   d-----w-   c:\users\pc\AppData\Roaming\SUPERAntiSpyware.com
              2012-01-11 22:30 . 2012-01-11 22:37   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2012-01-11 22:30 . 2012-01-11 22:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2012-01-11 22:09 . 2011-06-07 15:55   7074640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D6B9622-F461-4008-8051-7564086F4E38}\mpengine.dll
              2012-01-11 19:04 . 2012-01-11 19:04   --------   d-----w-   c:\program files\Xeus Technologies
              2012-01-11 04:36 . 2011-10-04 17:22   703824   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59D2D06F-8485-49FB-BB2C-E5F66B99E440}\gapaengine.dll
              2012-01-11 04:28 . 2012-01-11 04:29   --------   d-----w-   c:\program files\Microsoft Security Client
              2012-01-11 02:22 . 2012-01-11 03:29   --------   d-----w-   c:\users\test
              2012-01-11 02:13 . 2012-01-11 03:29   --------   d-----w-   c:\users\Guest
              2012-01-10 12:34 . 2000-04-03 23:05   118784   ----a-w-   c:\windows\system32\msstdfmt.dll
              2012-01-10 12:34 . 2001-10-04 13:14   184320   ----a-w-   c:\windows\system32\wzcsvc.dll
              2012-01-10 12:34 . 2004-03-09 13:00   132880   ----a-w-   c:\windows\system32\MSINET.OCX
              2012-01-10 12:34 . 2000-10-10 09:01   198656   ----a-w-   c:\windows\system32\comdlg32.ocx
              2012-01-10 12:34 . 1998-06-24 13:00   244024   ----a-w-   c:\windows\system32\MSFLXGRD.OCX
              2012-01-10 12:34 . 2001-10-04 14:13   3584   ----a-w-   c:\program files\Common Files\Microsoft Shared\DAO\comcat.dll
              2012-01-10 12:34 . 2001-10-04 13:16   1338880   ----a-w-   c:\program files\Common Files\Microsoft Shared\DAO\shdocvw.dll
              2012-01-10 12:34 . 1999-06-10 23:34   570128   ----a-w-   c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
              2012-01-07 21:38 . 2012-01-07 21:38   --------   d-----w-   c:\program files\Windows Portable Devices
              2012-01-07 21:32 . 2009-09-10 02:00   92672   ----a-w-   c:\windows\system32\UIAnimation.dll
              2012-01-07 21:32 . 2009-09-10 02:01   3023360   ----a-w-   c:\windows\system32\UIRibbon.dll
              2012-01-07 21:32 . 2009-09-10 02:00   1164800   ----a-w-   c:\windows\system32\UIRibbonRes.dll
              2012-01-07 21:31 . 2009-09-25 01:33   369664   ----a-w-   c:\windows\system32\WMPhoto.dll
              2012-01-07 21:31 . 2009-09-25 02:07   189440   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
              2012-01-07 21:31 . 2009-09-25 02:10   974848   ----a-w-   c:\windows\system32\WindowsCodecs.dll
              2012-01-07 21:31 . 2009-09-25 02:04   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
              2012-01-07 21:31 . 2009-09-25 01:33   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
              2012-01-07 21:31 . 2009-09-25 01:32   252928   ----a-w-   c:\windows\system32\dxdiag.exe
              2012-01-07 21:31 . 2009-09-25 01:31   519680   ----a-w-   c:\windows\system32\d3d11.dll
              2012-01-07 21:30 . 2009-10-01 01:02   30208   ----a-w-   c:\windows\system32\WPDShextAutoplay.exe
              2012-01-07 21:30 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
              2012-01-07 21:30 . 2009-10-01 01:01   81920   ----a-w-   c:\windows\system32\wpdbusenum.dll
              2012-01-07 21:30 . 2009-10-01 01:01   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
              2012-01-07 21:30 . 2009-10-01 01:02   2537472   ----a-w-   c:\windows\system32\wpdshext.dll
              2012-01-07 21:30 . 2009-10-01 01:02   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
              2012-01-07 21:30 . 2009-10-01 01:02   87552   ----a-w-   c:\windows\system32\WPDShServiceObj.dll
              2012-01-07 21:30 . 2009-10-01 01:01   546816   ----a-w-   c:\windows\system32\wpd_ci.dll
              2012-01-07 21:30 . 2009-10-01 01:01   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
              2012-01-07 21:30 . 2009-10-01 01:01   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
              2012-01-07 21:30 . 2009-10-01 01:01   350208   ----a-w-   c:\windows\system32\WPDSp.dll
              2012-01-07 21:30 . 2009-10-01 01:01   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
              2012-01-07 21:05 . 2010-01-25 12:00   471552   ----a-w-   c:\windows\system32\secproc_isv.dll
              2012-01-07 21:05 . 2010-01-25 12:00   471552   ----a-w-   c:\windows\system32\secproc.dll
              2012-01-07 21:05 . 2010-01-25 08:21   526336   ----a-w-   c:\windows\system32\RMActivate_isv.exe
              2012-01-07 21:05 . 2010-01-25 12:00   152576   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
              2012-01-07 21:05 . 2010-01-25 12:00   152064   ----a-w-   c:\windows\system32\secproc_ssp.dll
              2012-01-07 21:05 . 2010-01-25 08:21   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
              2012-01-07 21:05 . 2010-01-25 08:21   518144   ----a-w-   c:\windows\system32\RMActivate.exe
              2012-01-07 21:05 . 2010-01-25 08:21   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
              2012-01-07 21:05 . 2010-01-25 11:58   332288   ----a-w-   c:\windows\system32\msdrm.dll
              2012-01-07 21:05 . 2011-08-13 04:43   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
              2012-01-07 21:04 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
              2012-01-07 21:04 . 2010-08-26 16:33   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
              2012-01-07 21:04 . 2010-08-26 14:23   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
              2012-01-07 01:09 . 2012-01-07 01:09   --------   d---a-w-   c:\programdata\rkfree
              2012-01-07 01:06 . 2012-01-07 01:09   --------   d-----w-   c:\users\pc\AppData\Roaming\GetRightToGo
              2012-01-04 23:42 . 2012-01-04 23:43   --------   d--h--w-   c:\program files\Temp
              2012-01-03 12:34 . 2009-10-07 12:01   112128   ----a-w-   c:\windows\system32\drivers\ewusbnet.sys
              2012-01-03 12:34 . 2009-10-07 12:01   102912   ----a-w-   c:\windows\system32\drivers\ewusbmdm.sys
              2012-01-03 12:34 . 2009-10-07 12:01   101248   ----a-w-   c:\windows\system32\drivers\ewusbdev.sys
              2012-01-03 12:34 . 2009-08-25 17:03   621056   ----a-w-   c:\windows\system32\drivers\mod7700.sys
              2012-01-03 12:34 . 2009-08-25 17:03   23424   ----a-w-   c:\windows\system32\drivers\ewdcsc.sys
              2012-01-03 12:34 . 2009-08-25 17:03   103680   ----a-w-   c:\windows\system32\drivers\ewusbfake.sys
              2012-01-02 21:13 . 2012-01-02 21:17   --------   d-----w-   c:\users\pc\AppData\Roaming\AVG
              2012-01-01 22:07 . 2012-01-01 22:07   --------   d-----w-   c:\users\pc\AppData\Roaming\PeerNetworking
              2012-01-01 07:38 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
              2012-01-01 07:37 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
              2012-01-01 07:36 . 2011-11-23 13:37   2043904   ----a-w-   c:\windows\system32\win32k.sys
              2012-01-01 07:36 . 2010-05-04 19:13   231424   ----a-w-   c:\windows\system32\msshsq.dll
              2012-01-01 07:36 . 2011-06-17 16:03   375808   ----a-w-   c:\windows\system32\winsrv.dll
              2012-01-01 07:36 . 2011-10-14 16:02   429056   ----a-w-   c:\windows\system32\EncDec.dll
              2012-01-01 07:33 . 2011-08-25 16:15   555520   ----a-w-   c:\windows\system32\UIAutomationCore.dll
              2012-01-01 07:33 . 2011-08-25 16:14   238080   ----a-w-   c:\windows\system32\oleacc.dll
              2012-01-01 07:33 . 2011-08-25 13:31   4096   ----a-w-   c:\windows\system32\oleaccrc.dll
              2012-01-01 07:33 . 2011-08-25 16:14   563712   ----a-w-   c:\windows\system32\oleaut32.dll
              2012-01-01 07:33 . 2011-04-21 13:55   508416   ----a-w-   c:\windows\system32\drivers\bthport.sys
              2012-01-01 07:33 . 2009-06-17 13:23   30208   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
              2012-01-01 07:33 . 2011-09-20 21:02   913280   ----a-w-   c:\windows\system32\drivers\tcpip.sys
              2012-01-01 07:33 . 2011-09-20 13:44   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
              2012-01-01 07:33 . 2011-07-29 16:01   293376   ----a-w-   c:\windows\system32\psisdecd.dll
              2012-01-01 07:33 . 2011-07-29 16:01   217088   ----a-w-   c:\windows\system32\psisrndr.ax
              2012-01-01 07:33 . 2011-07-29 16:00   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
              2012-01-01 07:33 . 2011-07-29 16:00   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
              2012-01-01 07:32 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
              2012-01-01 07:32 . 2011-10-27 08:01   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
              2011-12-29 07:46 . 2012-01-11 22:06   --------   d-----w-   c:\windows\system32\drivers\AVG
              2011-12-29 07:42 . 2012-01-02 21:19   --------   d-----w-   c:\program files\AVG
              2011-12-22 19:12 . 2012-01-04 20:59   --------   d-----w-   c:\users\pc\AppData\Local\Conduit
              2011-12-22 11:31 . 2012-01-11 04:22   --------   d-----w-   c:\users\pc\AppData\Roaming\QuickScan
              2011-12-22 06:58 . 2011-12-22 06:58   --------   d-----w-   c:\users\pc\AppData\Roaming\CheckPoint
              2011-12-22 06:55 . 2010-04-05 20:00   221568   ----a-w-   c:\windows\system32\drivers\netio.sys
              2011-12-22 06:47 . 2012-01-04 21:02   --------   d-----w-   c:\program files\CheckPoint
              2011-12-22 06:43 . 2004-10-15 18:32   83096   ----a-w-   c:\windows\system32\SSSensor.dll
              2011-12-22 06:42 . 2011-12-22 06:42   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
              2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\ca-ES
              2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\eu-ES
              2011-12-22 06:12 . 2011-12-22 06:12   --------   d-----w-   c:\windows\system32\vi-VN
              2011-12-22 05:51 . 2011-12-22 05:51   --------   d-----w-   c:\windows\system32\EventProviders
              2011-12-22 05:48 . 2009-04-11 06:28   978432   ----a-w-   c:\windows\system32\drmv2clt.dll
              2011-12-22 05:47 . 2009-04-11 06:28   1382912   ----a-w-   c:\windows\system32\WMVSDECD.DLL
              2011-12-22 05:46 . 2009-04-11 06:28   19968   ----a-w-   c:\windows\system32\winrnr.dll
              2011-12-22 05:12 . 2012-01-01 06:17   --------   d-----w-   c:\users\pc\AppData\Local\ElevatedDiagnostics
              2011-12-21 21:59 . 2011-12-21 21:59   107336   ----a-w-   c:\windows\system32\drivers\bknqRDNT.sys
              2011-12-21 21:31 . 2011-12-21 21:31   --------   d-----w-   c:\users\pc\AppData\Roaming\DriverCure
              2011-12-21 21:31 . 2011-12-21 21:31   --------   d-----w-   c:\users\pc\AppData\Roaming\SpeedyPC Software
              2011-12-21 15:10 . 2012-01-11 04:00   --------   d-----w-   c:\users\pc\AppData\Local\Mozilla Firefox
              2011-12-20 21:41 . 2011-12-20 21:41   --------   d-----w-   c:\users\pc\AppData\Roaming\Online Games Downloader
              2011-12-20 21:41 . 2011-12-20 21:41   --------   d-----w-   c:\program files\Online Games Downloader
              2011-12-20 21:26 . 2011-12-20 21:26   79836   ----a-w-   c:\windows\system32\fruninst.exe
              2011-12-20 21:14 . 2011-12-20 21:14   --------   d-----w-   c:\users\pc\AppData\Local\Adobe
              2011-12-20 14:12 . 2011-04-29 13:25   146432   ----a-w-   c:\windows\system32\drivers\srv2.sys
              2011-12-20 14:12 . 2011-04-29 13:25   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
              2011-12-20 14:08 . 2011-04-21 13:58   273408   ----a-w-   c:\windows\system32\drivers\afd.sys
              2011-12-20 14:08 . 2011-04-14 14:59   75264   ----a-w-   c:\windows\system32\drivers\dfsc.sys
              2011-12-20 14:08 . 2011-07-06 15:31   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
              2011-12-20 14:08 . 2011-04-29 13:24   79872   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
              2011-12-20 14:08 . 2011-04-29 13:24   106496   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
              2011-12-20 14:08 . 2011-05-02 17:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
              2011-12-20 14:07 . 2011-04-30 06:09   758784   ----a-w-   c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
              2011-12-20 14:07 . 2011-04-29 15:59   276992   ----a-w-   c:\windows\system32\schannel.dll
              2011-12-18 16:02 . 2011-12-18 16:02   --------   d-----w-   c:\users\pc\AppData\Local\Microsoft Games
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2012-01-10 05:05 . 2011-04-26 13:34   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
              2012-01-04 23:42 . 2011-04-26 13:15   319456   ----a-w-   c:\windows\DIFxAPI.dll
              2011-12-10 15:24 . 2011-07-03 17:34   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-11-05 06:53 . 2011-12-16 20:54   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
              2010-11-12 17:32   1368480   ----a-w-   c:\program files\Online Games Downloader\SWFCatcher.dll
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
              "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-05-21 2605192]
              "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-05-21 362392]
              "SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
              "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
              "O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
              "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "ConsentPromptBehaviorAdmin"= 5 (0x5)
              "EnableLUA"= 0 (0x0)
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "NoDevMgrUpdate"= 0 (0x0)
              .
              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoDevMgrUpdate"= 0 (0x0)
              .
              [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
              "NoDevMgrUpdate"= 0 (0x0)
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              .
              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
              BootExecute   REG_MULTI_SZ      autocheck autochk *\0sasnative32
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
              @="Service"
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2548725397-2496849373-359535291-1001]
              "EnableNotificationsRef"=dword:00000003
              .
              R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [2010-01-30 6656]
              S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
              .
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - MPKSLF7208F11
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              bthsvcs   REG_MULTI_SZ      BthServ
              WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
              LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
              LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
              .
              .
              ------- Supplementary Scan -------
              .
              LSP: c:\program files\Flash Recorder\mfnsp32.dll
              FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lso94mm2.default\
              .
              .
              ------- File Associations -------
              .
              JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2012-01-12 19:56
              Windows 6.0.6002 Service Pack 2 NTFS
              .
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files: 0
              .
              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              Completion time: 2012-01-12  20:06:45
              ComboFix-quarantined-files.txt  2012-01-12 20:06
              ComboFix2.txt  2012-01-10 04:27
              .
              Pre-Run: 52,639,502,336 bytes free
              Post-Run: 52,671,492,096 bytes free
              .
              - - End Of File - - E00B05629C3873EA22A9AD30C1C6E26B

              SuperDave

              Re: combofix report help
              « Reply #8 on: January 12, 2012, 04:35:05 PM »
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

              robert1

                Re: combofix report help
                « Reply #9 on: January 12, 2012, 10:21:52 PM »
                I cannot run SysProt Antirootkit; I get "not responding". Then when it tells me to end the process it does not end it; it is still running in Task Manager and will not let me stop the process.

                robert1

                  Re: combofix report help
                  « Reply #10 on: January 13, 2012, 06:03:51 AM »
                  Hi, when I rebooted my PC after sysprot.exe failed, my system would not shut down; the screen just went off and the computer was still running. When I got it back on, the system installed an unknown driver.

                  SuperDave

                  Re: combofix report help
                  « Reply #11 on: January 13, 2012, 01:14:45 PM »
                  Please try this one instead.

                  Please download RootRepeal from GooglePages.com.
                  • Extract the program file to your Desktop.
                  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
                  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
                  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                  • When done, click on Save Report.
                  • Save it to the Desktop.
                  • Please copy/paste the contents of the report in your next reply.
                  Please remove any e-mail address in the RootRepeal report (if present).

                  robert1

                    Re: combofix report help
                    « Reply #12 on: January 13, 2012, 02:29:23 PM »
                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2012/01/13 21:24
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows Vista SP2
                    ==================================================

                    Drivers
                    -------------------
                    Name: acpi.sys
                    Image Path: C:\Windows\system32\drivers\acpi.sys
                    Address: 0x87246000   Size: 286720   File Visible: -   Signed: -
                    Status: -

                    Name: ACPI_HAL
                    Image Path: \Driver\ACPI_HAL
                    Address: 0x82010000   Size: 3846144   File Visible: -   Signed: -
                    Status: -

                    Name: afd.sys
                    Image Path: C:\Windows\system32\drivers\afd.sys
                    Address: 0x87B91000   Size: 294912   File Visible: -   Signed: -
                    Status: -

                    Name: asyncmac.sys
                    Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
                    Address: 0x9C1F0000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: atapi.sys
                    Image Path: C:\Windows\system32\drivers\atapi.sys
                    Address: 0x87351000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: ataport.SYS
                    Image Path: C:\Windows\system32\drivers\ataport.SYS
                    Address: 0x87359000   Size: 122880   File Visible: -   Signed: -
                    Status: -

                    Name: atikmdag.sys
                    Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
                    Address: 0x8C004000   Size: 5320704   File Visible: -   Signed: -
                    Status: -

                    Name: Beep.SYS
                    Image Path: C:\Windows\System32\Drivers\Beep.SYS
                    Address: 0x87ABF000   Size: 28672   File Visible: -   Signed: -
                    Status: -

                    Name: BOOTVID.dll
                    Image Path: C:\Windows\system32\BOOTVID.dll
                    Address: 0x87094000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: bowser.sys
                    Image Path: C:\Windows\system32\DRIVERS\bowser.sys
                    Address: 0x932B0000   Size: 102400   File Visible: -   Signed: -
                    Status: -

                    Name: BthEnum.sys
                    Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys
                    Address: 0x9319C000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: bthmodem.sys
                    Image Path: C:\Windows\system32\DRIVERS\bthmodem.sys
                    Address: 0x931C0000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: bthpan.sys
                    Image Path: C:\Windows\system32\DRIVERS\bthpan.sys
                    Address: 0x931A6000   Size: 106496   File Visible: -   Signed: -
                    Status: -

                    Name: bthport.sys
                    Image Path: C:\Windows\System32\Drivers\bthport.sys
                    Address: 0x9300F000   Size: 524288   File Visible: -   Signed: -
                    Status: -

                    Name: BTHUSB.sys
                    Image Path: C:\Windows\System32\Drivers\BTHUSB.sys
                    Address: 0x93002000   Size: 53248   File Visible: -   Signed: -
                    Status: -

                    Name: cdd.dll
                    Image Path: C:\Windows\System32\cdd.dll
                    Address: 0x99730000   Size: 57344   File Visible: -   Signed: -
                    Status: -

                    Name: cdfs.sys
                    Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
                    Address: 0x9336F000   Size: 90112   File Visible: -   Signed: -
                    Status: -

                    Name: cdrom.sys
                    Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
                    Address: 0x8C61A000   Size: 98304   File Visible: -   Signed: -
                    Status: -

                    Name: CI.dll
                    Image Path: C:\Windows\system32\CI.dll
                    Address: 0x870DD000   Size: 917504   File Visible: -   Signed: -
                    Status: -

                    Name: CLASSPNP.SYS
                    Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
                    Address: 0x879C8000   Size: 135168   File Visible: -   Signed: -
                    Status: -

                    Name: CLFS.SYS
                    Image Path: C:\Windows\system32\CLFS.SYS
                    Address: 0x8709C000   Size: 266240   File Visible: -   Signed: -
                    Status: -

                    Name: crashdmp.sys
                    Image Path: C:\Windows\System32\Drivers\crashdmp.sys
                    Address: 0x9311F000   Size: 53248   File Visible: -   Signed: -
                    Status: -

                    Name: crcdisk.sys
                    Image Path: C:\Windows\system32\drivers\crcdisk.sys
                    Address: 0x879E9000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: dfsc.sys
                    Image Path: C:\Windows\System32\Drivers\dfsc.sys
                    Address: 0x877E4000   Size: 94208   File Visible: -   Signed: -
                    Status: -

                    Name: disk.sys
                    Image Path: C:\Windows\system32\drivers\disk.sys
                    Address: 0x879B7000   Size: 69632   File Visible: -   Signed: -
                    Status: -

                    Name: drmk.sys
                    Image Path: C:\Windows\system32\drivers\drmk.sys
                    Address: 0x8C68E000   Size: 151552   File Visible: -   Signed: -
                    Status: -

                    Name: dump_atapi.sys
                    Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
                    Address: 0x93137000   Size: 32768   File Visible: No   Signed: -
                    Status: -

                    Name: dump_dumpata.sys
                    Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
                    Address: 0x9312C000   Size: 45056   File Visible: No   Signed: -
                    Status: -

                    Name: Dxapi.sys
                    Image Path: C:\Windows\System32\drivers\Dxapi.sys
                    Address: 0x9313F000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: dxgkrnl.sys
                    Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
                    Address: 0x8C517000   Size: 655360   File Visible: -   Signed: -
                    Status: -

                    Name: ecache.sys
                    Image Path: C:\Windows\System32\drivers\ecache.sys
                    Address: 0x87990000   Size: 159744   File Visible: -   Signed: -
                    Status: -

                    Name: ewusbmdm.sys
                    Image Path: C:\Windows\system32\DRIVERS\ewusbmdm.sys
                    Address: 0x930D0000   Size: 102912   File Visible: -   Signed: -
                    Status: -

                    Name: fastfat.SYS
                    Image Path: C:\Windows\System32\Drivers\fastfat.SYS
                    Address: 0x930F7000   Size: 163840   File Visible: -   Signed: -
                    Status: -

                    Name: fileinfo.sys
                    Image Path: C:\Windows\system32\drivers\fileinfo.sys
                    Address: 0x873A9000   Size: 65536   File Visible: -   Signed: -
                    Status: -

                    Name: fltmgr.sys
                    Image Path: C:\Windows\system32\drivers\fltmgr.sys
                    Address: 0x87377000   Size: 204800   File Visible: -   Signed: -
                    Status: -

                    Name: Fs_Rec.SYS
                    Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
                    Address: 0x87AAF000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: fwpkclnt.sys
                    Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
                    Address: 0x876D7000   Size: 110592   File Visible: -   Signed: -
                    Status: -

                    Name: hal.dll
                    Image Path: C:\Windows\system32\hal.dll
                    Address: 0x823BB000   Size: 208896   File Visible: -   Signed: -
                    Status: -

                    Name: HIDCLASS.SYS
                    Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
                    Address: 0x930A1000   Size: 65536   File Visible: -   Signed: -
                    Status: -

                    Name: HIDPARSE.SYS
                    Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
                    Address: 0x87ACF000   Size: 28672   File Visible: -   Signed: -
                    Status: -

                    Name: hidusb.sys
                    Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
                    Address: 0x93098000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: HTTP.sys
                    Image Path: C:\Windows\system32\drivers\HTTP.sys
                    Address: 0x93226000   Size: 446464   File Visible: -   Signed: -
                    Status: -

                    Name: i8042prt.sys
                    Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
                    Address: 0x8C632000   Size: 77824   File Visible: -   Signed: -
                    Status: -

                    Name: intelppm.sys
                    Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
                    Address: 0x87A26000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: kbdclass.sys
                    Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
                    Address: 0x8C645000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: kdcom.dll
                    Image Path: C:\Windows\system32\kdcom.dll
                    Address: 0x8700C000   Size: 28672   File Visible: -   Signed: -
                    Status: -

                    Name: KMWDFILTER.sys
                    Image Path: C:\Windows\system32\DRIVERS\KMWDFILTER.sys
                    Address: 0x9308F000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: ks.sys
                    Image Path: C:\Windows\system32\drivers\ks.sys
                    Address: 0x8C6B3000   Size: 172032   File Visible: -   Signed: -
                    Status: -

                    Name: ksecdd.sys
                    Image Path: C:\Windows\System32\Drivers\ksecdd.sys
                    Address: 0x87408000   Size: 462848   File Visible: -   Signed: -
                    Status: -

                    Name: lltdio.sys
                    Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
                    Address: 0x931CF000   Size: 65536   File Visible: -   Signed: -
                    Status: -

                    Name: luafv.sys
                    Image Path: C:\Windows\system32\drivers\luafv.sys
                    Address: 0x93158000   Size: 110592   File Visible: -   Signed: -
                    Status: -

                    Name: mbam.sys
                    Image Path: C:\Windows\system32\drivers\mbam.sys
                    Address: 0x9C1F9000   Size: 14208   File Visible: -   Signed: -
                    Status: -

                    Name: mcupdate_GenuineIntel.dll
                    Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
                    Address: 0x87013000   Size: 458752   File Visible: -   Signed: -
                    Status: -

                    Name: modem.sys
                    Image Path: C:\Windows\system32\drivers\modem.sys
                    Address: 0x930EA000   Size: 53248   File Visible: -   Signed: -
                    Status: -

                    Name: monitor.sys
                    Image Path: C:\Windows\system32\DRIVERS\monitor.sys
                    Address: 0x93149000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: mouclass.sys
                    Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
                    Address: 0x8C7E5000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: mouhid.sys
                    Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
                    Address: 0x930C8000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: mountmgr.sys
                    Image Path: C:\Windows\System32\drivers\mountmgr.sys
                    Address: 0x87341000   Size: 65536   File Visible: -   Signed: -
                    Status: -

                    Name: MpFilter.sys
                    Image Path: C:\Windows\system32\DRIVERS\MpFilter.sys
                    Address: 0x87A88000   Size: 157696   File Visible: -   Signed: -
                    Status: -

                    Name: MpKsl82735674.sys
                    Image Path: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{518B698C-05EE-4973-8D0A-57EC9CC16D75}\MpKsl82735674.sys
                    Address: 0x9C1EA000   Size: 23936   File Visible: -   Signed: -
                    Status: -

                    Name: MpNWMon.sys
                    Image Path: C:\Windows\system32\DRIVERS\MpNWMon.sys
                    Address: 0x9C1D1000   Size: 37376   File Visible: -   Signed: -
                    Status: -

                    Name: mpsdrv.sys
                    Image Path: C:\Windows\System32\drivers\mpsdrv.sys
                    Address: 0x932C9000   Size: 86016   File Visible: -   Signed: -
                    Status: -

                    Name: mrxdav.sys
                    Image Path: C:\Windows\system32\drivers\mrxdav.sys
                    Address: 0x932DE000   Size: 135168   File Visible: -   Signed: -
                    Status: -

                    Name: mrxsmb.sys
                    Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
                    Address: 0x932FF000   Size: 126976   File Visible: -   Signed: -
                    Status: -

                    Name: mrxsmb10.sys
                    Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
                    Address: 0x9331E000   Size: 233472   File Visible: -   Signed: -
                    Status: -

                    Name: mrxsmb20.sys
                    Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
                    Address: 0x93357000   Size: 98304   File Visible: -   Signed: -
                    Status: -

                    Name: Msfs.SYS
                    Image Path: C:\Windows\System32\Drivers\Msfs.SYS
                    Address: 0x87B13000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: msisadrv.sys
                    Image Path: C:\Windows\system32\drivers\msisadrv.sys
                    Address: 0x87295000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: msiscsi.sys
                    Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
                    Address: 0x8C6DD000   Size: 192512   File Visible: -   Signed: -
                    Status: -

                    Name: msrpc.sys
                    Image Path: C:\Windows\system32\drivers\msrpc.sys
                    Address: 0x87584000   Size: 176128   File Visible: -   Signed: -
                    Status: -

                    Name: mssmbios.sys
                    Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
                    Address: 0x8C7F0000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: mup.sys
                    Image Path: C:\Windows\System32\Drivers\mup.sys
                    Address: 0x87981000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: ndis.sys
                    Image Path: C:\Windows\system32\drivers\ndis.sys
                    Address: 0x87479000   Size: 1093632   File Visible: -   Signed: -
                    Status: -

                    Name: ndistapi.sys
                    Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
                    Address: 0x8C76F000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: ndisuio.sys
                    Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
                    Address: 0x93209000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: ndiswan.sys
                    Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
                    Address: 0x8C77A000   Size: 143360   File Visible: -   Signed: -
                    Status: -

                    Name: NDProxy.SYS
                    Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
                    Address: 0x87A77000   Size: 69632   File Visible: -   Signed: -
                    Status: -

                    Name: netbios.sys
                    Image Path: C:\Windows\system32\DRIVERS\netbios.sys
                    Address: 0x87782000   Size: 57344   File Visible: -   Signed: -
                    Status: -

                    Name: netbt.sys
                    Image Path: C:\Windows\System32\DRIVERS\netbt.sys
                    Address: 0x87B5F000   Size: 204800   File Visible: -   Signed: -
                    Status: -

                    Name: NETIO.SYS
                    Image Path: C:\Windows\system32\drivers\NETIO.SYS
                    Address: 0x875AF000   Size: 241664   File Visible: -   Signed: -
                    Status: -

                    Name: NisDrvWFP.sys
                    Image Path: C:\Windows\system32\DRIVERS\NisDrvWFP.sys
                    Address: 0x9C1DB000   Size: 59008   File Visible: -   Signed: -
                    Status: -

                    Name: Npfs.SYS
                    Image Path: C:\Windows\System32\Drivers\Npfs.SYS
                    Address: 0x87B1E000   Size: 57344   File Visible: -   Signed: -
                    Status: -

                    Name: nsiproxy.sys
                    Image Path: C:\Windows\system32\drivers\nsiproxy.sys
                    Address: 0x877DA000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: Ntfs.sys
                    Image Path: C:\Windows\System32\Drivers\Ntfs.sys
                    Address: 0x87808000   Size: 1114112   File Visible: -   Signed: -
                    Status: -

                    Name: ntoskrnl.exe
                    Image Path: C:\Windows\system32\ntoskrnl.exe
                    Address: 0x82010000   Size: 3846144   File Visible: -   Signed: -
                    Status: -

                    Name: Null.SYS
                    Image Path: C:\Windows\System32\Drivers\Null.SYS
                    Address: 0x87AB8000   Size: 28672   File Visible: -   Signed: -
                    Status: -

                    Name: nwifi.sys
                    Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
                    Address: 0x931DF000   Size: 172032   File Visible: -   Signed: -
                    Status: -

                    Name: pacer.sys
                    Image Path: C:\Windows\system32\DRIVERS\pacer.sys
                    Address: 0x87BE2000   Size: 90112   File Visible: -   Signed: -
                    Status: -

                    Name: partmgr.sys
                    Image Path: C:\Windows\System32\drivers\partmgr.sys
                    Address: 0x872C4000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: pci.sys
                    Image Path: C:\Windows\system32\drivers\pci.sys
                    Address: 0x8729D000   Size: 159744   File Visible: -   Signed: -
                    Status: -

                    Name: pciide.sys
                    Image Path: C:\Windows\system32\drivers\pciide.sys
                    Address: 0x8732C000   Size: 28672   File Visible: -   Signed: -
                    Status: -

                    Name: PCIIDEX.SYS
                    Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
                    Address: 0x87333000   Size: 57344   File Visible: -   Signed: -
                    Status: -

                    Name: peauth.sys
                    Image Path: C:\Windows\system32\drivers\peauth.sys
                    Address: 0x9C0B6000   Size: 909312   File Visible: -   Signed: -
                    Status: -

                    Name: PnpManager
                    Image Path: \Driver\PnpManager
                    Address: 0x82010000   Size: 3846144   File Visible: -   Signed: -
                    Status: -

                    Name: portcls.sys
                    Image Path: C:\Windows\system32\drivers\portcls.sys
                    Address: 0x8C661000   Size: 184320   File Visible: -   Signed: -
                    Status: -

                    Name: PSHED.dll
                    Image Path: C:\Windows\system32\PSHED.dll
                    Address: 0x87083000   Size: 69632   File Visible: -   Signed: -
                    Status: -

                    Name: rasacd.sys
                    Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
                    Address: 0x87B2C000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: rasl2tp.sys
                    Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
                    Address: 0x8C758000   Size: 94208   File Visible: -   Signed: -
                    Status: -

                    Name: raspppoe.sys
                    Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
                    Address: 0x8C79D000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: raspptp.sys
                    Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
                    Address: 0x8C7AC000   Size: 81920   File Visible: -   Signed: -
                    Status: -

                    Name: rassstp.sys
                    Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
                    Address: 0x8C7C0000   Size: 86016   File Visible: -   Signed: -
                    Status: -

                    Name: RAW
                    Image Path: \FileSystem\RAW
                    Address: 0x82010000   Size: 3846144   File Visible: -   Signed: -
                    Status: -

                    Name: rdbss.sys
                    Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
                    Address: 0x873B9000   Size: 245760   File Visible: -   Signed: -
                    Status: -

                    Name: RDPCDD.sys
                    Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
                    Address: 0x87B03000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: rdpencdd.sys
                    Image Path: C:\Windows\system32\drivers\rdpencdd.sys
                    Address: 0x87B0B000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: rfcomm.sys
                    Image Path: C:\Windows\system32\DRIVERS\rfcomm.sys
                    Address: 0x93173000   Size: 167936   File Visible: -   Signed: -
                    Status: -

                    Name: rootrepeal.sys
                    Image Path: C:\Windows\system32\drivers\rootrepeal.sys
                    Address: 0x9C211000   Size: 49152   File Visible: No   Signed: -
                    Status: -

                    Name: rspndr.sys
                    Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
                    Address: 0x93213000   Size: 77824   File Visible: -   Signed: -
                    Status: -

                    Name: RTKVAC.SYS
                    Image Path: C:\Windows\system32\drivers\RTKVAC.SYS
                    Address: 0x8C800000   Size: 4166144   File Visible: -   Signed: -
                    Status: -

                    Name: Rtnicxp.sys
                    Image Path: C:\Windows\system32\DRIVERS\Rtnicxp.sys
                    Address: 0x8C650000   Size: 69632   File Visible: -   Signed: -
                    Status: -

                    Name: SASDIFSV.SYS
                    Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                    Address: 0x8C7FA000   Size: 24576   File Visible: -   Signed: -
                    Status: -

                    Name: SASKUTIL.SYS
                    Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                    Address: 0x877A3000   Size: 139264   File Visible: -   Signed: -
                    Status: -

                    Name: secdrv.SYS
                    Image Path: C:\Windows\System32\Drivers\secdrv.SYS
                    Address: 0x9C194000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: smb.sys
                    Image Path: C:\Windows\system32\DRIVERS\smb.sys
                    Address: 0x87B4B000   Size: 81920   File Visible: -   Signed: -
                    Status: -

                    Name: snapman.sys
                    Image Path: C:\Windows\system32\DRIVERS\snapman.sys
                    Address: 0x87959000   Size: 162592   File Visible: -   Signed: -
                    Status: -

                    Name: spldr.sys
                    Image Path: C:\Windows\System32\Drivers\spldr.sys
                    Address: 0x87951000   Size: 32768   File Visible: -   Signed: -
                    Status: -

                    Name: spsys.sys
                    Image Path: C:\Windows\system32\drivers\spsys.sys
                    Address: 0x9C006000   Size: 720896   File Visible: -   Signed: -
                    Status: -

                    Name: srv.sys
                    Image Path: C:\Windows\System32\DRIVERS\srv.sys
                    Address: 0x933AD000   Size: 323584   File Visible: -   Signed: -
                    Status: -

                    Name: srv2.sys
                    Image Path: C:\Windows\System32\DRIVERS\srv2.sys
                    Address: 0x93385000   Size: 163840   File Visible: -   Signed: -
                    Status: -

                    Name: srvnet.sys
                    Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
                    Address: 0x93293000   Size: 118784   File Visible: -   Signed: -
                    Status: -

                    Name: storport.sys
                    Image Path: C:\Windows\system32\DRIVERS\storport.sys
                    Address: 0x8C70C000   Size: 266240   File Visible: -   Signed: -
                    Status: -

                    Name: swenum.sys
                    Image Path: C:\Windows\system32\DRIVERS\swenum.sys
                    Address: 0x8CBFA000   Size: 4992   File Visible: -   Signed: -
                    Status: -

                    Name: tcpip.sys
                    Image Path: C:\Windows\System32\drivers\tcpip.sys
                    Address: 0x875EA000   Size: 970752   File Visible: -   Signed: -
                    Status: -

                    Name: tcpipreg.sys
                    Image Path: C:\Windows\System32\drivers\tcpipreg.sys
                    Address: 0x9C19E000   Size: 49152   File Visible: -   Signed: -
                    Status: -

                    Name: TDI.SYS
                    Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
                    Address: 0x8C74D000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: tdx.sys
                    Image Path: C:\Windows\system32\DRIVERS\tdx.sys
                    Address: 0x87B35000   Size: 90112   File Visible: -   Signed: -
                    Status: -

                    Name: termdd.sys
                    Image Path: C:\Windows\system32\DRIVERS\termdd.sys
                    Address: 0x8C7D5000   Size: 65536   File Visible: -   Signed: -
                    Status: -

                    Name: timntr.sys
                    Image Path: C:\Windows\system32\DRIVERS\timntr.sys
                    Address: 0x876F2000   Size: 587456   File Visible: -   Signed: -
                    Status: -

                    Name: TSDDD.dll
                    Image Path: C:\Windows\System32\TSDDD.dll
                    Address: 0x99710000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: tunmp.sys
                    Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
                    Address: 0x87A1D000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: tunnel.sys
                    Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
                    Address: 0x87A12000   Size: 45056   File Visible: -   Signed: -
                    Status: -

                    Name: umbus.sys
                    Image Path: C:\Windows\system32\DRIVERS\umbus.sys
                    Address: 0x87A35000   Size: 53248   File Visible: -   Signed: -
                    Status: -

                    Name: usbccgp.sys
                    Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
                    Address: 0x930B1000   Size: 94208   File Visible: -   Signed: -
                    Status: -

                    Name: USBD.SYS
                    Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
                    Address: 0x8CBFC000   Size: 8192   File Visible: -   Signed: -
                    Status: -

                    Name: usbehci.sys
                    Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
                    Address: 0x8C60B000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: usbhub.sys
                    Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
                    Address: 0x87A42000   Size: 217088   File Visible: -   Signed: -
                    Status: -

                    Name: usbohci.sys
                    Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
                    Address: 0x8C5C3000   Size: 40960   File Visible: -   Signed: -
                    Status: -

                    Name: USBPORT.SYS
                    Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
                    Address: 0x8C5CD000   Size: 253952   File Visible: -   Signed: -
                    Status: -

                    Name: USBSTOR.SYS
                    Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
                    Address: 0x877C5000   Size: 86016   File Visible: -   Signed: -
                    Status: -

                    Name: vga.sys
                    Image Path: C:\Windows\System32\drivers\vga.sys
                    Address: 0x87AD6000   Size: 49152   File Visible: -   Signed: -
                    Status: -

                    Name: VIDEOPRT.SYS
                    Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
                    Address: 0x87AE2000   Size: 135168   File Visible: -   Signed: -
                    Status: -

                    Name: volmgr.sys
                    Image Path: C:\Windows\system32\drivers\volmgr.sys
                    Address: 0x872D3000   Size: 61440   File Visible: -   Signed: -
                    Status: -

                    Name: volmgrx.sys
                    Image Path: C:\Windows\System32\drivers\volmgrx.sys
                    Address: 0x872E2000   Size: 303104   File Visible: -   Signed: -
                    Status: -

                    Name: volsnap.sys
                    Image Path: C:\Windows\system32\drivers\volsnap.sys
                    Address: 0x87918000   Size: 233472   File Visible: -   Signed: -
                    Status: -

                    Name: wanarp.sys
                    Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
                    Address: 0x87790000   Size: 77824   File Visible: -   Signed: -
                    Status: -

                    Name: watchdog.sys
                    Image Path: C:\Windows\System32\drivers\watchdog.sys
                    Address: 0x8C5B7000   Size: 49152   File Visible: -   Signed: -
                    Status: -

                    Name: Wdf01000.sys
                    Image Path: C:\Windows\system32\drivers\Wdf01000.sys
                    Address: 0x871BD000   Size: 507904   File Visible: -   Signed: -
                    Status: -

                    Name: WDFLDR.SYS
                    Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
                    Address: 0x87239000   Size: 53248   File Visible: -   Signed: -
                    Status: -

                    Name: Win32k
                    Image Path: \Driver\Win32k
                    Address: 0x994F0000   Size: 2113536   File Visible: -   Signed: -
                    Status: -

                    Name: win32k.sys
                    Image Path: C:\Windows\System32\win32k.sys
                    Address: 0x994F0000   Size: 2113536   File Visible: -   Signed: -
                    Status: -

                    Name: WMILIB.SYS
                    Image Path: C:\Windows\system32\drivers\WMILIB.SYS
                    Address: 0x8728C000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: WMIxWDM
                    Image Path: \Driver\WMIxWDM
                    Address: 0x82010000   Size: 3846144   File Visible: -   Signed: -
                    Status: -

                    Name: ws2ifsl.sys
                    Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
                    Address: 0x87BD9000   Size: 36864   File Visible: -   Signed: -
                    Status: -

                    Name: WUDFPf.sys
                    Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
                    Address: 0x9C1BF000   Size: 73728   File Visible: -   Signed: -
                    Status: -

                    Name: WUDFRd.sys
                    Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
                    Address: 0x9C1AA000   Size: 83328   File Visible: -   Signed: -
                    Status: -

                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2012/01/13 21:21
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows Vista SP2
                    ==================================================

                    Processes
                    -------------------
                    Path: System
                    PID: 4   Status: Locked to the Windows API!

                    Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                    PID: 348   Status: -

                    Path: C:\Windows\System32\smss.exe
                    PID: 476   Status: -

                    Path: C:\Windows\System32\dwm.exe
                    PID: 500   Status: -

                    Path: C:\Windows\explorer.exe
                    PID: 580   Status: -

                    Path: C:\Windows\System32\spoolsv.exe
                    PID: 744   Status: -

                    Path: C:\Windows\System32\taskeng.exe
                    PID: 752   Status: -

                    Path: C:\Windows\System32\csrss.exe
                    PID: 776   Status: -

                    Path: C:\Windows\System32\wininit.exe
                    PID: 824   Status: -

                    Path: C:\Windows\System32\csrss.exe
                    PID: 848   Status: -

                    Path: C:\Windows\System32\winlogon.exe
                    PID: 876   Status: -

                    Path: C:\Windows\System32\services.exe
                    PID: 924   Status: -

                    Path: C:\Windows\System32\lsass.exe
                    PID: 940   Status: -

                    Path: C:\Windows\System32\lsm.exe
                    PID: 948   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 996   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1104   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1168   Status: -

                    Path: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
                    PID: 1236   Status: -

                    Path: C:\Windows\System32\atiesrxx.exe
                    PID: 1384   Status: -

                    Path: C:\Windows\System32\Ati2evxx.exe
                    PID: 1404   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1432   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1464   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1476   Status: -

                    Path: C:\Windows\System32\audiodg.exe
                    PID: 1580   Status: Locked to the Windows API!

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1612   Status: -

                    Path: C:\Windows\System32\SLsvc.exe
                    PID: 1632   Status: -

                    Path: C:\Windows\System32\Ati2evxx.exe
                    PID: 1696   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1848   Status: -

                    Path: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
                    PID: 1892   Status: -

                    Path: C:\Program Files\SUPERAntiSpyware\SASCore.exe
                    PID: 1912   Status: -

                    Path: C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
                    PID: 1948   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 1984   Status: -

                    Path: C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
                    PID: 2068   Status: -

                    Path: C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
                    PID: 2084   Status: -

                    Path: C:\Windows\SOUNDMAN.EXE
                    PID: 2092   Status: -

                    Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
                    PID: 2100   Status: -

                    Path: C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
                    PID: 2120   Status: -

                    Path: C:\Program Files\Microsoft Security Client\msseces.exe
                    PID: 2132   Status: -

                    Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                    PID: 2148   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 2176   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 2236   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 2276   Status: -

                    Path: C:\Windows\System32\WUDFHost.exe
                    PID: 2528   Status: -

                    Path: C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
                    PID: 3388   Status: -

                    Path: C:\Windows\System32\svchost.exe
                    PID: 3676   Status: -

                    Path: C:\Windows\System32\wuauclt.exe
                    PID: 3872   Status: -

                    Path: C:\Windows\System32\taskeng.exe
                    PID: 3996   Status: -

                    Path: C:\Program Files\Acronis\TrueImageHome\prl_report.exe
                    PID: 4476   Status: -

                    Path: C:\Users\pc\Desktop\RootRepeal.exe
                    PID: 4948   Status: -

                    Path: C:\Program Files\Acronis\TrueImageHome\prl_stat.exe
                    PID: 5756   Status: -

                    ROOTREPEAL (c) AD, 2007-2009
                    ==================================================
                    Scan Start Time:      2012/01/13 21:23
                    Program Version:      Version 1.3.5.0
                    Windows Version:      Windows Vista SP2
                    ==================================================

                    Shadow SSDT
                    -------------------
                    #: 000   Function Name: NtGdiAbortDoc
                    Status: Not hooked

                    #: 001   Function Name: NtGdiAbortPath
                    Status: Not hooked

                    #: 002   Function Name: NtGdiAddFontResourceW
                    Status: Not hooked

                    #: 003   Function Name: NtGdiAddRemoteFontToDC
                    Status: Not hooked

                    #: 004   Function Name: NtGdiAddFontMemResourceEx
                    Status: Not hooked

                    #: 005   Function Name: NtGdiRemoveMergeFont
                    Status: Not hooked

                    #: 006   Function Name: NtGdiAddRemoteMMInstanceToDC
                    Status: Not hooked

                    #: 007   Function Name: NtGdiAlphaBlend
                    Status: Not hooked

                    #: 008   Function Name: NtGdiAngleArc
                    Status: Not hooked

                    #: 009   Function Name: NtGdiAnyLinkedFonts
                    Status: Not hooked

                    #: 010   Function Name: NtGdiFontIsLinked
                    Status: Not hooked

                    #: 011   Function Name: NtGdiArcInternal
                    Status: Not hooked

                    #: 012   Function Name: NtGdiBeginPath
                    Status: Not hooked

                    #: 013   Function Name: NtGdiBitBlt
                    Status: Not hooked

                    #: 014   Function Name: NtGdiCancelDC
                    Status: Not hooked

                    #: 015   Function Name: NtGdiCheckBitmapBits
                    Status: Not hooked

                    #: 016   Function Name: NtGdiCloseFigure
                    Status: Not hooked

                    #: 017   Function Name: NtGdiClearBitmapAttributes
                    Status: Not hooked

                    #: 018   Function Name: NtGdiClearBrushAttributes
                    Status: Not hooked

                    #: 019   Function Name: NtGdiColorCorrectPalette
                    Status: Not hooked

                    #: 020   Function Name: NtGdiCombineRgn
                    Status: Not hooked

                    #: 021   Function Name: NtGdiCombineTransform
                    Status: Not hooked

                    #: 022   Function Name: NtGdiComputeXformCoefficients
                    Status: Not hooked

                    #: 023   Function Name: NtGdiConfigureOPMProtectedOutput
                    Status: Not hooked

                    #: 024   Function Name: NtGdiConsoleTextOut
                    Status: Not hooked

                    #: 025   Function Name: NtGdiConvertMetafileRect
                    Status: Not hooked

                    #: 026   Function Name: NtGdiCreateBitmap
                    Status: Not hooked

                    #: 027   Function Name: NtGdiCreateClientObj
                    Status: Not hooked

                    #: 028   Function Name: NtGdiCreateColorSpace
                    Status: Not hooked

                    #: 029   Function Name: NtGdiCreateColorTransform
                    Status: Not hooked

                    #: 030   Function Name: NtGdiCreateCompatibleBitmap
                    Status: Not hooked

                    #: 031   Function Name: NtGdiCreateCompatibleDC
                    Status: Not hooked

                    #: 032   Function Name: NtGdiCreateDIBBrush
                    Status: Not hooked

                    #: 033   Function Name: NtGdiCreateDIBitmapInternal
                    Status: Not hooked

                    #: 034   Function Name: NtGdiCreateDIBSection
                    Status: Not hooked

                    #: 035   Function Name: NtGdiCreateEllipticRgn
                    Status: Not hooked

                    #: 036   Function Name: NtGdiCreateHalftonePalette
                    Status: Not hooked

                    #: 037   Function Name: NtGdiCreateHatchBrushInternal
                    Status: Not hooked

                    #: 038   Function Name: NtGdiCreateMetafileDC
                    Status: Not hooked

                    #: 039   Function Name: NtGdiCreateOPMProtectedOutputs
                    Status: Not hooked

                    #: 040   Function Name: NtGdiCreatePaletteInternal
                    Status: Not hooked

                    #: 041   Function Name: NtGdiCreatePatternBrushInternal
                    Status: Not hooked

                    #: 042   Function Name: NtGdiCreatePen
                    Status: Not hooked

                    #: 043   Function Name: NtGdiCreateRectRgn
                    Status: Not hooked

                    #: 044   Function Name: NtGdiCreateRoundRectRgn
                    Status: Not hooked

                    #: 045   Function Name: NtGdiCreateServerMetaFile
                    Status: Not hooked

                    #: 046   Function Name: NtGdiCreateSolidBrush
                    Status: Not hooked

                    #: 047   Function Name: NtGdiD3dContextCreate
                    Status: Not hooked

                    #: 048   Function Name: NtGdiD3dContextDestroy
                    Status: Not hooked

                    #: 049   Function Name: NtGdiD3dContextDestroyAll
                    Status: Not hooked

                    #: 050   Function Name: NtGdiD3dValidateTextureStageState
                    Status: Not hooked

                    #: 051   Function Name: NtGdiD3dDrawPrimitives2
                    Status: Not hooked

                    #: 052   Function Name: NtGdiDdGetDriverState
                    Status: Not hooked

                    #: 053   Function Name: NtGdiDdAddAttachedSurface
                    Status: Not hooked

                    #: 054   Function Name: NtGdiDdAlphaBlt
                    Status: Not hooked

                    #: 055   Function Name: NtGdiDdAttachSurface
                    Status: Not hooked

                    #: 056   Function Name: NtGdiDdBeginMoCompFrame
                    Status: Not hooked

                    #: 057   Function Name: NtGdiDdBlt
                    Status: Not hooked

                    #: 058   Function Name: NtGdiDdCanCreateSurface
                    Status: Not hooked

                    #: 059   Function Name: NtGdiDdCanCreateD3DBuffer
                    Status: Not hooked

                    #: 060   Function Name: NtGdiDdColorControl
                    Status: Not hooked

                    #: 061   Function Name: NtGdiDdCreateDirectDrawObject
                    Status: Not hooked

                    #: 062   Function Name: NtGdiDdCreateSurface
                    Status: Not hooked

                    #: 063   Function Name: NtGdiDdCreateD3DBuffer
                    Status: Not hooked

                    #: 064   Function Name: NtGdiDdCreateMoComp
                    Status: Not hooked

                    #: 065   Function Name: NtGdiDdCreateSurfaceObject
                    Status: Not hooked

                    #: 066   Function Name: NtGdiDdDeleteDirectDrawObject
                    Status: Not hooked

                    #: 067   Function Name: NtGdiDdDeleteSurfaceObject
                    Status: Not hooked

                    #: 068   Function Name: NtGdiDdDestroyMoComp
                    Status: Not hooked

                    #: 069   Function Name: NtGdiDdDestroySurface
                    Status: Not hooked

                    #: 070   Function Name: NtGdiDdDestroyD3DBuffer
                    Status: Not hooked

                    #: 071   Function Name: NtGdiDdEndMoCompFrame
                    Status: Not hooked

                    #: 072   Function Name: NtGdiDdFlip
                    Status: Not hooked

                    #: 073   Function Name: NtGdiDdFlipToGDISurface
                    Status: Not hooked

                    #: 074   Function Name: NtGdiDdGetAvailDriverMemory
                    Status: Not hooked

                    #: 075   Function Name: NtGdiDdGetBltStatus
                    Status: Not hooked

                    #: 076   Function Name: NtGdiDdGetDC
                    Status: Not hooked

                    #: 077   Function Name: NtGdiDdGetDriverInfo
                    Status: Not hooked

                    #: 078   Function Name: NtGdiDdGetDxHandle
                    Status: Not hooked

                    #: 079   Function Name: NtGdiDdGetFlipStatus
                    Status: Not hooked

                    #: 080   Function Name: NtGdiDdGetInternalMoCompInfo
                    Status: Not hooked

                    #: 081   Function Name: NtGdiDdGetMoCompBuffInfo
                    Status: Not hooked

                    #: 082   Function Name: NtGdiDdGetMoCompGuids
                    Status: Not hooked

                    #: 083   Function Name: NtGdiDdGetMoCompFormats
                    Status: Not hooked

                    #: 084   Function Name: NtGdiDdGetScanLine
                    Status: Not hooked

                    #: 085   Function Name: NtGdiDdLock
                    Status: Not hooked

                    #: 086   Function Name: NtGdiDdLockD3D
                    Status: Not hooked

                    #: 087   Function Name: NtGdiDdQueryDirectDrawObject
                    Status: Not hooked

                    #: 088   Function Name: NtGdiDdQueryMoCompStatus
                    Status: Not hooked

                    #: 089   Function Name: NtGdiDdReenableDirectDrawObject
                    Status: Not hooked

                    #: 090   Function Name: NtGdiDdReleaseDC
                    Status: Not hooked

                    #: 091   Function Name: NtGdiDdRenderMoComp
                    Status: Not hooked

                    #: 092   Function Name: NtGdiDdResetVisrgn
                    Status: Not hooked

                    #: 093   Function Name: NtGdiDdSetColorKey
                    Status: Not hooked

                    #: 094   Function Name: NtGdiDdSetExclusiveMode
                    Status: Not hooked

                    #: 095   Function Name: NtGdiDdSetGammaRamp
                    Status: Not hooked

                    #: 096   Function Name: NtGdiDdCreateSurfaceEx
                    Status: Not hooked

                    #: 097   Function Name: NtGdiDdSetOverlayPosition
                    Status: Not hooked

                    #: 098   Function Name: NtGdiDdUnattachSurface
                    Status: Not hooked

                    #: 099   Function Name: NtGdiDdUnlock
                    Status: Not hooked

                    #: 100   Function Name: NtGdiDdUnlockD3D
                    Status: Not hooked

                    #: 101   Function Name: NtGdiDdUpdateOverlay
                    Status: Not hooked

                    #: 102   Function Name: NtGdiDdWaitForVerticalBlank
                    Status: Not hooked

                    #: 103   Function Name: NtGdiDvpCanCreateVideoPort
                    Status: Not hooked

                    #: 104   Function Name: NtGdiDvpColorControl
                    Status: Not hooked

                    #: 105   Function Name: NtGdiDvpCreateVideoPort
                    Status: Not hooked

                    #: 106   Function Name: NtGdiDvpDestroyVideoPort
                    Status: Not hooked

                    #: 107   Function Name: NtGdiDvpFlipVideoPort
                    Status: Not hooked

                    #: 108   Function Name: NtGdiDvpGetVideoPortBandwidth
                    Status: Not hooked

                    #: 109   Function Name: NtGdiDvpGetVideoPortField
                    Status: Not hooked

                    #: 110   Function Name: NtGdiDvpGetVideoPortFlipStatus
                    Status: Not hooked

                    #: 111   Function Name: NtGdiDvpGetVideoPortInputFormats
                    Status: Not hooked

                    #: 112   Function Name: NtGdiDvpGetVideoPortLine
                    Status: Not hooked

                    #: 113   Function Name: NtGdiDvpGetVideoPortOutputFormats
                    Status: Not hooked

                    #: 114   Function Name: NtGdiDvpGetVideoPortConnectInfo
                    Status: Not hooked

                    #: 115   Function Name: NtGdiDvpGetVideoSignalStatus
                    Status: Not hooked

                    #: 116   Function Name: NtGdiDvpUpdateVideoPort
                    Status: Not hooked

                    #: 117   Function Name: NtGdiDvpWaitForVideoPortSync
                    Status: Not hooked

                    #: 118   Function Name: NtGdiDvpAcquireNotification
                    Status: Not hooked

                    #: 119   Function Name: NtGdiDvpReleaseNotification
                    Status: Not hooked

                    #: 120   Function Name: NtGdiDxgGenericThunk
                    Status: Not hooked

                    #: 121   Function Name: NtGdiDeleteClientObj
                    Status: Not hooked

                    #: 122   Function Name: NtGdiDeleteColorSpace
                    Status: Not hooked

                    #: 123   Function Name: NtGdiDeleteColorTransform
                    Status: Not hooked

                    #: 124   Function Name: NtGdiDeleteObjectApp
                    Status: Not hooked

                    #: 125   Function Name: NtGdiDescribePixelFormat
                    Status: Not hooked

                    #: 126   Function Name: NtGdiDestroyOPMProtectedOutput
                    Status: Not hooked

                    #: 127   Function Name: NtGdiGetPerBandInfo
                    Status: Not hooked

                    #: 128   Function Name: NtGdiDoBanding
                    Status: Not hooked

                    #: 129   Function Name: NtGdiDoPalette
                    Status: Not hooked

                    #: 130   Function Name: NtGdiDrawEscape
                    Status: Not hooked

                    #: 131   Function Name: NtGdiEllipse
                    Status: Not hooked

                    #: 132   Function Name: NtGdiEnableEudc
                    Status: Not hooked

                    #: 133   Function Name: NtGdiEndDoc
                    Status: Not hooked

                    #: 134   Function Name: NtGdiEndPage
                    Status: Not hooked

                    #: 135   Function Name: NtGdiEndPath
                    Status: Not hooked

                    #: 136   Function Name: NtGdiEnumFontChunk
                    Status: Not hooked

                    #: 137   Function Name: NtGdiEnumFontClose
                    Status: Not hooked

                    #: 138   Function Name: NtGdiEnumFontOpen
                    Status: Not hooked

                    #: 139   Function Name: NtGdiEnumObjects
                    Status: Not hooked

                    #: 140   Function Name: NtGdiEqualRgn
                    Status: Not hooked

                    #: 141   Function Name: NtGdiEudcLoadUnloadLink
                    Status: Not hooked

                    #: 142   Function Name: NtGdiExcludeClipRect
                    Status: Not hooked

                    #: 143   Function Name: NtGdiExtCreatePen
                    Status: Not hooked

                    #: 144   Function Name: NtGdiExtCreateRegion
                    Status: Not hooked

                    #: 145   Function Name: NtGdiExtEscape
                    Status: Not hooked

                    #: 146   Function Name: NtGdiExtFloodFill
                    Status: Not hooked

                    #: 147   Function Name: NtGdiExtGetObjectW
                    Status: Not hooked

                    #: 148   Function Name: NtGdiExtSelectClipRgn
                    Status: Not hooked

                    #: 149   Function Name: NtGdiExtTextOutW
                    Status: Not hooked

                    #: 150   Function Name: NtGdiFillPath
                    Status: Not hooked

                    #: 151   Function Name: NtGdiFillRgn
                    Status: Not hooked

                    #: 152   Function Name: NtGdiFlattenPath
                    Status: Not hooked

                    #: 153   Function Name: NtGdiFlush
                    Status: Not hooked

                    #: 154   Function Name: NtGdiForceUFIMapping
                    Status: Not hooked

                    #: 155   Function Name: NtGdiFrameRgn
                    Status: Not hooked

                    #: 156   Function Name: NtGdiFullscreenControl
                    Status: Not hooked

                    #: 157   Function Name: NtGdiGetAndSetDCDword
                    Status: Not hooked

                    #: 158   Function Name: NtGdiGetAppClipBox
                    Status: Not hooked

                    #: 159   Function Name: NtGdiGetBitmapBits
                    Status: Not hooked

                    #: 160   Function Name: NtGdiGetBitmapDimension
                    Status: Not hooked

                    #: 161   Function Name: NtGdiGetBoundsRect
                    Status: Not hooked

                    #: 162   Function Name: NtGdiGetCertificate
                    Status: Not hooked

                    #: 163   Function Name: NtGdiGetCertificateSize
                    Status: Not hooked

                    #: 164   Function Name: NtGdiGetCharABCWidthsW
                    Status: Not hooked

                    #: 165   Function Name: NtGdiGetCharacterPlacementW
                    Status: Not hooked

                    #: 166   Function Name: NtGdiGetCharSet
                    Status: Not hooked

                    #: 167   Function Name: NtGdiGetCharWidthW
                    Status: Not hooked

                    #: 168   Function Name: NtGdiGetCharWidthInfo
                    Status: Not hooked

                    #: 169   Function Name: NtGdiGetColorAdjustment
                    Status: Not hooked

                    #: 170   Function Name: NtGdiGetColorSpaceforBitmap
                    Status: Not hooked

                    #: 171   Function Name: NtGdiGetCOPPCompatibleOPMInformation
                    Status: Not hooked

                    #: 172   Function Name: NtGdiGetDCDword
                    Status: Not hooked

                    #: 173   Function Name: NtGdiGetDCforBitmap
                    Status: Not hooked

                    #: 174   Function Name: NtGdiGetDCObject
                    Status: Not hooked

                    #: 175   Function Name: NtGdiGetDCPoint
                    Status: Not hooked

                    #: 176   Function Name: NtGdiGetDeviceCaps
                    Status: Not hooked

                    #: 177   Function Name: NtGdiGetDeviceGammaRamp
                    Status: Not hooked

                    #: 178   Function Name: NtGdiGetDeviceCapsAll
                    Status: Not hooked

                    #: 179   Function Name: NtGdiGetDIBitsInternal
                    Status: Not hooked

                    #: 180   Function Name: NtGdiGetETM
                    Status: Not hooked

                    #: 181   Function Name: NtGdiGetEudcTimeStampEx
                    Status: Not hooked

                    #: 182   Function Name: NtGdiGetFontData
                    Status: Not hooked

                    #: 183   Function Name: NtGdiGetFontResourceInfoInternalW
                    Status: Not hooked

                    #: 184   Function Name: NtGdiGetGlyphIndicesW
                    Status: Not hooked

                    #: 185   Function Name: NtGdiGetGlyphIndicesWInternal
                    Status: Not hooked

                    #: 186   Function Name: NtGdiGetGlyphOutline
                    Status: Not hooked

                    #: 187   Function Name: NtGdiGetOPMInformation
                    Status: Not hooked

                    #: 188   Function Name: NtGdiGetKerningPairs
                    Status: Not hooked

                    #: 189   Function Name: NtGdiGetLinkedUFIs
                    Status: Not hooked

                    #: 190   Function Name: NtGdiGetMiterLimit
                    Status: Not hooked

                    #: 191   Function Name: NtGdiGetMonitorID
                    Status: Not hooked

                    #: 192   Function Name: NtGdiGetNearestColor
                    Status: Not hooked

                    #: 193   Function Name: NtGdiGetNearestPaletteIndex
                    Status: Not hooked

                    #: 194   Function Name: NtGdiGetObjectBitmapHandle
                    Status: Not hooked

                    #: 195   Function Name: NtGdiGetOPMRandomNumber
                    Status: Not hooked

                    #: 196   Function Name: NtGdiGetOutlineTextMetricsInternalW
                    Status: Not hooked

                    #: 197   Function Name: NtGdiGetPath
                    Status: Not hooked

                    #: 198   Function Name: NtGdiGetPixel
                    Status: Not hooked

                    #: 199   Function Name: NtGdiGetRandomRgn
                    Status: Not hooked

                    #: 200   Function Name: NtGdiGetRasterizerCaps
                    Status: Not hooked

                    #: 201   Function Name: NtGdiGetRealizationInfo
                    Status: Not hooked

                    #: 202   Function Name: NtGdiGetRegionData
                    Status: Not hooked

                    #: 203   Function Name: NtGdiGetRgnBox
                    Status: Not hooked

                    #: 204   Function Name: NtGdiGetServerMetaFileBits
                    Status: Not hooked

                    #: 205   Function Name: NtGdiGetSpoolMessage
                    Status: Not hooked

                    #: 206   Function Name: NtGdiGetStats
                    Status: Not hooked

                    #: 207   Function Name: NtGdiGetStockObject
                    Status: Not hooked

                    #: 208   Function Name: NtGdiGetStringBitmapW
                    Status: Not hooked

                    #: 209   Function Name: NtGdiGetSuggestedOPMProtectedOutputArraySize
                    Status: Not hooked

                    #: 210   Function Name: NtGdiGetSystemPaletteUse
                    Status: Not hooked

                    #: 211   Function Name: NtGdiGetTextCharsetInfo
                    Status: Not hooked

                    #: 212   Function Name: NtGdiGetTextExtent
                    Status: Not hooked

                    #: 213   Function Name: NtGdiGetTextExtentExW
                    Status: Not hooked

                    #: 214   Function Name: NtGdiGetTextFaceW
                    Status: Not hooked

                    #: 215   Function Name: NtGdiGetTextMetricsW
                    Status: Not hooked

                    #: 216   Function Name: NtGdiGetTransform
                    Status: Not hooked

                    #: 217   Function Name: NtGdiGetUFI
                    Status: Not hooked

                    #: 218   Function Name: NtGdiGetEmbUFI
                    Status: Not hooked

                    #: 219   Function Name: NtGdiGetUFIPathname
                    Status: Not hooked

                    #: 220   Function Name: NtGdiGetEmbedFonts
                    Status: Not hooked

                    #: 221   Function Name: NtGdiChangeGhostFont
                    Status: Not hooked

                    #: 222   Function Name: NtGdiAddEmbFontToDC
                    Status: Not hooked

                    #: 223   Function Name: NtGdiGetFontUnicodeRanges
                    Status: Not hooked

                    #: 224   Function Name: NtGdiGetWidthTable

                    robert1

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: combofix report help
                      « Reply #13 on: January 13, 2012, 04:09:17 PM »
                      RootRepeal File check failed an hour into it.

                      This is the error report from RootRepeal

                      ROOTREPEAL CRASH REPORT
                      -------------------------
                      Windows Version: Windows Vista SP2
                      Exception Code: 0xc0000005
                      Exception Address: 0x0040ab12
                      Attempt to write to address: 0x00000004
                       

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: combofix report help
                      « Reply #14 on: January 13, 2012, 07:34:26 PM »
                      I'd like to scan your machine with ESET OnlineScan

                      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                      ESET OnlineScan
                      • Click the button.
                      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                      • Check
                      • Click the button.
                      • Accept any security warnings from your browser.
                      • Check
                      • Push the Start button.
                      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                      • When the scan completes, push
                      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                      • Push the button.
                      • Push
                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                      Windows 8 and Windows 10 dual boot with two SSD's