
Author Topic: Another PC with issues  (Read 22236 times)


TylerDoom

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Windows 8
    Another PC with issues
    « on: October 10, 2010, 05:35:43 AM »
    This one is an Acer Aspire 4720Z Notebook With XP...

    To start, I won't post any logs because I cannot get past the first step. I have AVG Free on it now, and it will not connect to the server to update. Here is the message: "Error: Failed to connect to server updateasfreeinfo.grisoft.com"

    Also, when I got to the notebook, it said it had no sound drivers and the internet wouldn't connect for jack.

    So I ran Kaspersky Rescue Disk 10 because I couldn't download anything or connect here to ask you guys for help. After Kaspersky did its thing, I booted up and the sound was back and everything seemed OK, but it still has issues. Some programs download, but when I click to run the installer it doesn't load anything at all. Sometimes, with Malwarebytes for example, it says it's missing some type of file and doesn't start the installer. I can find out any other info needed, but this will hopefully get things started on getting help from a pro...


      Thanks for your time anyone who can help. :)


    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Another PC with issues
    « Reply #1 on: October 13, 2010, 04:48:30 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    Save Rkill to your desktop.

    There are 4 different versions. If one of them won't run then download and try to run the other one.
     
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
     

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.exe
    * Rkill.com
    * Rkill.scr
    * Rkill.pif

    Once you've gotten one of them to run then try to immediately run the following.

    Now try to run SAS and MBAM.
    Windows 8 and Windows 10 dual boot with two SSD's

    TylerDoom

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Windows 8
      Re: Another PC with issues
      « Reply #2 on: October 13, 2010, 07:07:47 PM »
      I got SAS to update after running the first link for Rkill. Then I ran a complete scan; it ran for about 5 mins and went to a blue screen.

        Here is what it said under Technical info:

         "Technical info

         *** STOP: 0x0000008E, (0xc00000005, 0xBF80121B, 0x9999BA48, 0x00000000)

         *** Win32K.sys  -  ADDRESS BF80121B base at BF800000 DATESTAMP 46dd1407"

      I will try to download Malwarebytes again. I'll post if that helps anything.

      TylerDoom

        Topic Starter


        Beginner

        • Experience: Beginner
        • OS: Windows 8
        Re: Another PC with issues
        « Reply #3 on: October 13, 2010, 07:44:42 PM »
        I still cannot get AVG to update, though.

        MBAM installed, updated, and ran fine. Here is the log:

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4816

        Windows 5.1.2600 Service Pack 2
        Internet Explorer 7.0.5730.11

        14/10/2553 8:42:35
        mbam-log-2010-10-14 (08-42-35).txt

        Scan type: Quick scan
        Objects scanned: 142652
        Time elapsed: 6 minute(s), 59 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 1
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)
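The log above is the 1.x text format Malwarebytes wrote at the time: a header block, a summary block with per-category counts, then one detail section per category. The two hits are a leftover adware key and a policy value, `NoSMHelp`, that had been flipped to 1 (which hides Help from the Start menu); MBAM prints the value it found and the value it restored as `Bad: (1) Good: (0)`. Worth noting from the ComboFix log later in the thread: the same `NoSMHelp = 1` is still present under `HKEY_USERS\.DEFAULT`, which MBAM's quick scan of `HKEY_CURRENT_USER` did not touch. The following parser is an added example for reading this format, not code from the post or from Malwarebytes; the sample log inside it is a constructed, shortened copy of the posted log, and the function and field names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into a structured summary.

Added example (not code from the forum post or from Malwarebytes). SAMPLE_LOG
is a constructed, shortened excerpt in the same layout as the posted 1.46
log; the regexes are written from that layout and are an assumption about
how other MBAM 1.x builds print their logs.
"""
import re

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4816

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

Scan type: Quick scan
Objects scanned: 142652
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Data Items Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected:" alone on a line opens a detail section ...
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# ... while "Registry Keys Infected: 1" in the summary block carries a count.
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# Header lines such as "Database version: 4816".
HEADER_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")
# One detection: object (family) -> [Bad: (x) Good: (y) ->] action
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$"
)


def parse_mbam_log(text):
    header, counts, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("count"))
            continue
        if section is None:  # still in the header block
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key").strip()] = m.group("value").strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["section"] = section
            detections.append(d)
    return {"header": header, "counts": counts, "detections": detections}


def count_mismatches(parsed):
    """Sections whose summary count differs from the detail lines found.

    A mismatch means the log was truncated or a line was not recognised,
    so the summary numbers alone should not be trusted."""
    found = {}
    for d in parsed["detections"]:
        found[d["section"]] = found.get(d["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in parsed["counts"].items()
            if n != found.get(s, 0)}


def policy_tampering(parsed):
    """Detections that changed a value under a Policies key, as
    (object, value found, value restored). These are the Explorer/system
    policy flips that survive a reboot and are worth re-checking in every
    user hive, not just the one MBAM scanned."""
    return [(d["object"], d["bad"], d["good"]) for d in parsed["detections"]
            if "\\policies\\" in d["object"].lower() and d["bad"] is not None]
```

`parse_mbam_log(SAMPLE_LOG)` returns the header, the four counts and both detections; `count_mismatches` is empty for this log, and `policy_tampering` returns the single `NoSMHelp` entry with its found/restored values.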

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Another PC with issues
        « Reply #4 on: October 14, 2010, 01:44:53 PM »
          That error message could be related to service packs. What SP is on that computer? It should be SP2.

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop.
          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
          Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

          Click on Yes to continue scanning for malware.
          When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix.


          TylerDoom

            Topic Starter


            Beginner

            • Experience: Beginner
            • OS: Windows 8
            Re: Another PC with issues
            « Reply #5 on: October 14, 2010, 10:21:07 PM »
            This Notebook has SP2.  Also thanks a ton for your time. I always appreciate it.


            Here is the ComboFix log:


            ComboFix 10-10-12.03 - Administrator 10/15/2010  11:09:18.1.2 - x86
            Microsoft Windows XP Professional  5.1.2600.2.874.66.1033.18.2038.1248 [GMT 7:00]
            Running from: c:\documents and settings\Administrator\desktop\commy.exe
            Command switches used :: /stepdel
            AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
            FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
            FW: Outpost Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\windows\d4s.hst
            c:\windows\system32\msconfig.exe

            .
            (((((((((((((((((((((((((   Files Created from 2010-09-15 to 2010-10-15  )))))))))))))))))))))))))))))))
            .

            2010-10-14 01:13 . 2010-10-14 01:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
            2010-10-14 01:13 . 2010-04-29 08:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-10-14 01:13 . 2010-10-14 01:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-10-14 01:13 . 2010-10-14 01:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
            2010-10-14 01:13 . 2010-04-29 08:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-10-11 03:47 . 2010-10-11 03:48   --------   d-----w-   c:\windows\.jagex_cache_32
            2010-10-11 03:21 . 2010-10-11 03:21   423656   ----a-w-   c:\windows\system32\deployJava1.dll
            2010-10-10 14:26 . 2010-10-10 14:26   --------   d-----w-   c:\windows\system32\KB905474
            2010-10-08 02:44 . 2010-02-24 12:31   454016   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
            2010-10-08 02:43 . 2008-07-03 13:16   8454656   ------w-   c:\windows\system32\dllcache\shell32.dll
            2010-10-07 20:53 . 2010-10-07 20:53   --------   d-----w-   c:\windows\system32\XPSViewer
            2010-10-07 20:53 . 2010-10-07 20:53   --------   d-----w-   c:\program files\MSBuild
            2010-10-07 20:53 . 2010-10-07 20:53   --------   d-----w-   c:\program files\Reference Assemblies
            2010-10-07 20:53 . 2008-07-06 12:06   89088   ----a-w-   c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
            2010-10-07 20:53 . 2008-07-06 12:06   89088   ------w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
            2010-10-07 20:53 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
            2010-10-07 20:53 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\dllcache\xpsshhdr.dll
            2010-10-07 20:53 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
            2010-10-07 20:53 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
            2010-10-07 20:53 . 2008-07-06 10:50   597504   ------w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
            2010-10-07 20:53 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
            2010-10-07 20:53 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\dllcache\xpssvcs.dll
            2010-10-07 18:00 . 2010-01-29 15:08   683520   ------w-   c:\windows\system32\dllcache\inetcomm.dll
            2010-10-07 18:00 . 2010-01-29 15:08   1315840   ------w-   c:\windows\system32\dllcache\msoe.dll
            2010-10-07 12:48 . 2009-10-21 06:00   75776   ------w-   c:\windows\system32\dllcache\strmfilt.dll
            2010-10-07 12:48 . 2009-10-21 06:00   25088   ------w-   c:\windows\system32\dllcache\httpapi.dll
            2010-10-07 12:48 . 2009-10-20 14:58   263552   ------w-   c:\windows\system32\dllcache\http.sys
            2010-10-07 08:06 . 2009-12-16 12:58   343040   ------w-   c:\windows\system32\dllcache\mspaint.exe
            2010-10-07 08:06 . 2009-11-27 17:33   17920   ------w-   c:\windows\system32\dllcache\msyuv.dll
            2010-10-07 08:06 . 2008-06-12 14:16   91648   ------w-   c:\windows\system32\dllcache\mtxoci.dll
            2010-10-07 08:06 . 2008-06-12 14:16   66560   ------w-   c:\windows\system32\dllcache\mtxclu.dll
            2010-10-07 08:06 . 2008-06-12 14:16   58880   ------w-   c:\windows\system32\dllcache\msdtclog.dll
            2010-10-07 08:06 . 2008-06-12 14:16   161792   ------w-   c:\windows\system32\dllcache\msdtcuiu.dll
            2010-10-07 08:06 . 2008-06-12 14:16   956928   ------w-   c:\windows\system32\dllcache\msdtctm.dll
            2010-10-07 08:06 . 2008-06-12 14:16   428032   ------w-   c:\windows\system32\dllcache\msdtcprx.dll
            2010-10-07 08:03 . 2009-08-05 09:11   204800   ------w-   c:\windows\system32\dllcache\mswebdvd.dll
            2010-10-07 08:02 . 2008-04-21 10:02   215552   ------w-   c:\windows\system32\dllcache\wordpad.exe
            2010-10-07 07:55 . 2010-10-07 07:55   --------   d-----w-   c:\program files\MSXML 6.0
            2010-10-07 07:54 . 2010-10-07 07:54   --------   d-----w-   c:\windows\ServicePackFiles
            2010-10-06 01:39 . 2009-11-21 16:36   470528   ------w-   c:\windows\system32\dllcache\aclayers.dll
            2010-10-06 01:39 . 2008-06-24 16:23   74240   ------w-   c:\windows\system32\dllcache\mscms.dll
            2010-10-06 01:39 . 2008-07-07 20:32   253952   ------w-   c:\windows\system32\dllcache\es.dll
            2010-10-06 01:39 . 2010-03-05 14:57   65536   ------w-   c:\windows\system32\dllcache\asycfilt.dll
            2010-10-06 01:30 . 2010-01-13 14:10   85504   ------w-   c:\windows\system32\dllcache\cabview.dll
            2010-10-06 01:29 . 2009-08-26 08:16   247326   ------w-   c:\windows\system32\dllcache\strmdll.dll
            2010-10-06 01:29 . 2009-12-24 07:05   177664   ------w-   c:\windows\system32\dllcache\wintrust.dll
            2010-10-06 01:29 . 2009-09-11 14:33   133632   ------w-   c:\windows\system32\dllcache\msv1_0.dll
            2010-10-06 01:29 . 2009-06-25 08:44   56320   ------w-   c:\windows\system32\dllcache\secur32.dll
            2010-10-06 01:29 . 2009-06-22 11:34   92544   ------w-   c:\windows\system32\dllcache\ksecdd.sys
            2010-10-06 01:29 . 2009-06-25 08:44   724480   ------w-   c:\windows\system32\dllcache\lsasrv.dll
            2010-10-06 01:29 . 2009-06-25 08:44   59392   ------w-   c:\windows\system32\dllcache\wdigest.dll
            2010-10-06 01:29 . 2009-06-25 08:44   298496   ------w-   c:\windows\system32\dllcache\kerberos.dll
            2010-10-06 01:29 . 2009-06-25 08:44   168448   ------w-   c:\windows\system32\dllcache\schannel.dll
            2010-10-06 01:29 . 2009-12-31 16:14   352640   ------w-   c:\windows\system32\dllcache\srv.sys
            2010-10-06 01:28 . 2009-07-17 16:27   1435648   ------w-   c:\windows\system32\dllcache\query.dll
            2010-10-06 01:27 . 2008-08-14 09:51   138368   ------w-   c:\windows\system32\dllcache\afd.sys
            2010-10-06 01:27 . 2010-02-12 04:47   100864   ------w-   c:\windows\system32\dllcache\6to4svc.dll
            2010-10-06 01:27 . 2008-06-20 17:41   245248   ------w-   c:\windows\system32\dllcache\mswsock.dll
            2010-10-06 01:27 . 2008-06-20 10:45   360320   ------w-   c:\windows\system32\dllcache\tcpip.sys
            2010-10-06 01:27 . 2009-04-15 15:11   584192   ------w-   c:\windows\system32\dllcache\rpcrt4.dll
            2010-10-06 01:26 . 2008-05-08 12:28   202752   ------w-   c:\windows\system32\dllcache\rmcast.sys
            2010-10-05 21:12 . 2009-12-14 07:35   33280   ------w-   c:\windows\system32\dllcache\csrsrv.dll
            2010-10-05 21:11 . 2010-05-02 05:56   1850880   ------w-   c:\windows\system32\dllcache\win32k.sys
            2010-10-05 21:11 . 2008-05-01 14:30   331776   ------w-   c:\windows\system32\dllcache\msadce.dll
            2010-10-05 21:09 . 2009-06-10 06:32   132096   ------w-   c:\windows\system32\dllcache\wkssvc.dll
            2010-10-05 21:04 . 2009-09-04 20:45   58880   ------w-   c:\windows\system32\dllcache\msasn1.dll
            2010-10-05 20:40 . 2009-03-21 14:18   986112   ------w-   c:\windows\system32\dllcache\kernel32.dll
            2010-10-05 20:40 . 2010-04-20 05:51   285696   ------w-   c:\windows\system32\dllcache\atmfd.dll
            2010-10-05 20:40 . 2009-06-12 11:50   80896   ------w-   c:\windows\system32\dllcache\tlntsess.exe
            2010-10-05 20:40 . 2009-06-12 11:50   76288   ------w-   c:\windows\system32\dllcache\telnet.exe
            2010-10-05 20:38 . 2009-06-09 15:06   1871872   ------w-   c:\windows\system32\dllcache\mstscax.dll
            2010-10-05 20:37 . 2009-10-23 14:27   3555328   ------w-   c:\windows\system32\dllcache\moviemk.exe
            2010-10-05 20:37 . 2009-10-15 17:21   82432   ------w-   c:\windows\system32\dllcache\fontsub.dll
            2010-10-05 20:36 . 2009-10-12 13:54   69632   ------w-   c:\windows\system32\dllcache\raschap.dll
            2010-10-05 20:36 . 2009-10-12 13:54   112128   ------w-   c:\windows\system32\dllcache\rastls.dll
            2010-10-05 20:36 . 2009-05-07 15:44   344064   ------w-   c:\windows\system32\dllcache\localspl.dll
            2010-10-05 20:35 . 2009-06-21 22:04   153088   ------w-   c:\windows\system32\dllcache\triedit.dll
            2010-10-05 20:30 . 2009-10-13 10:53   266752   ------w-   c:\windows\system32\dllcache\oakley.dll
            2010-10-05 20:30 . 2010-02-05 18:40   1291264   ------w-   c:\windows\system32\dllcache\quartz.dll
            2010-10-05 20:29 . 2009-11-27 16:37   8704   ------w-   c:\windows\system32\dllcache\tsbyuv.dll
            2010-10-05 20:29 . 2009-11-27 16:37   84992   ------w-   c:\windows\system32\dllcache\avifil32.dll
            2010-10-05 20:29 . 2009-11-27 16:37   48128   ------w-   c:\windows\system32\dllcache\iyuv_32.dll
            2010-10-05 20:29 . 2009-11-27 16:37   28672   ------w-   c:\windows\system32\dllcache\msvidc32.dll
            2010-10-05 20:29 . 2009-11-27 16:37   11264   ------w-   c:\windows\system32\dllcache\msrle32.dll
            2010-10-05 20:29 . 2009-08-25 09:47   352256   ------w-   c:\windows\system32\dllcache\winhttp.dll
            2010-10-05 20:29 . 2009-07-17 18:55   58880   ------w-   c:\windows\system32\dllcache\atl.dll
            2010-10-05 20:27 . 2010-05-04 17:20   459264   ------w-   c:\windows\system32\dllcache\msfeeds.dll
            2010-10-05 20:27 . 2010-05-04 17:20   52224   ------w-   c:\windows\system32\dllcache\msfeedsbs.dll
            2010-10-05 20:27 . 2010-05-04 17:20   268288   ------w-   c:\windows\system32\dllcache\iertutil.dll
            2010-10-05 20:27 . 2010-05-04 17:20   380928   ------w-   c:\windows\system32\dllcache\ieapfltr.dll
            2010-10-05 20:27 . 2010-05-04 17:20   63488   ------w-   c:\windows\system32\dllcache\icardie.dll
            2010-10-05 20:27 . 2010-04-16 13:24   13824   ------w-   c:\windows\system32\dllcache\ieudinit.exe
            2010-10-05 20:27 . 2010-02-22 22:04   2452872   ------w-   c:\windows\system32\dllcache\ieapfltr.dat
            2010-10-05 20:27 . 2010-05-04 17:20   6067200   ------w-   c:\windows\system32\dllcache\ieframe.dll
            2010-10-05 20:27 . 2008-10-15 16:57   332800   ------w-   c:\windows\system32\dllcache\netapi32.dll
            2010-10-05 20:26 . 2009-07-31 04:57   1172480   ------w-   c:\windows\system32\dllcache\msxml3.dll
            2010-10-05 20:26 . 2008-10-23 13:01   283648   ------w-   c:\windows\system32\dllcache\gdi32.dll
            2010-10-04 22:26 . 2008-06-13 13:10   272128   ------w-   c:\windows\system32\drivers\bthport.sys
            2010-10-04 22:26 . 2008-06-13 13:10   272128   ------w-   c:\windows\system32\dllcache\bthport.sys
            2010-10-04 20:32 . 2010-10-04 20:32   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
            2010-10-04 20:32 . 2010-10-04 20:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-10-04 17:24 . 2009-04-06 04:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
            2010-10-04 17:23 . 2009-02-10 09:15   257432   ----a-w-   c:\windows\system32\drivers\afwcore.sys
            2010-10-04 17:22 . 2009-02-18 10:30   31128   ----a-w-   c:\windows\system32\drivers\afw.sys
            2010-10-04 17:22 . 2010-10-04 17:22   --------   d-----w-   c:\program files\Agnitum
            2010-10-04 17:22 . 2010-10-04 17:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\Agnitum
            2010-10-02 21:03 . 2010-10-02 22:56   --------   d---a-w-   C:\Kaspersky Rescue Disk 10.0
            2010-10-02 20:49 . 2010-10-02 20:49   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Grisoft
            2010-10-02 20:49 . 2007-05-30 12:10   10872   ----a-w-   c:\windows\system32\drivers\AvgAsCln.sys
            2010-10-02 20:49 . 2010-10-02 20:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Grisoft
            2010-09-30 19:53 . 2010-09-30 19:53   --------   d-----w-   C:\found.000

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .

            ------- Sigcheck -------

            [-] 2007-04-05 . 7179AC3F4258AEC9627590A842FDA1D6 . 574976 . . [5.1.2600.3113] . . c:\windows\system32\drivers\ntfs.sys

            [-] 2007-11-28 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll

            [-] 2007-11-28 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

            [-] 2007-11-28 . 17A0D43C80DB5348759C649835A78CFC . 408064 . . [6.7.2600.3143] . . c:\windows\system32\qmgr.dll

            [-] 2007-11-28 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

            [-] 2007-11-28 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
            [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
            [7] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

            [-] 2007-11-28 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll

            [-] 2007-11-28 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll

            [-] 2007-11-28 . 154C00AE9C017C3650E33CE75116A312 . 343040 . . [7.0.2600.3085] . . c:\windows\system32\msvcrt.dll
            [-] 2007-02-19 . 4295F398C188D02DC7A5899EAC121914 . 343040 . . [7.0.2600.3085] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.3085_x-ww_e059201c\msvcrt.dll
            [7] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll

            [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
            [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
            [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
            [7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\SP2QFE\netlogon.dll
            [-] 2007-11-28 . 5FD8684F1C5DD26509383F6CCDAEE3A3 . 407040 . . [5.1.2600.3175] . . c:\windows\system32\netlogon.dll

            [-] 2007-11-28 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

            [-] 2007-11-28 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

            [-] 2007-11-28 . 31EC9657D9C76143F6E61FC19851445F . 975360 . . [6.00.2900.3156] . . c:\windows\explorer.exe

            [-] 2007-11-28 . C7BDF67819BCA03DA1B832AF3C826093 . 1287168 . . [5.1.2600.3124] . . c:\windows\system32\ole32.dll

            [-] 2007-11-28 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll

            [-] 2007-11-28 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll

            [-] 2005-05-27 04:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

            [-] 2007-11-28 06:28 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

            [-] 2007-11-28 06:31 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

            [-] 2007-11-28 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll

            [-] 1999-03-08 07:00 . CE0155405EA902797E88B92A78443AEB . 164112 . . [5.0.4275] . . c:\windows\system32\olepro32.dll
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b876028-b388-4f6d-922f-f52faec8535f}]
            2010-10-13 04:59   2735200   ----a-w-   c:\program files\WeFiBar\tbWeF1.dll

            [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]
            2008-11-04 19:33   147456   ----a-w-   c:\documents and settings\All Users\Application Data\uPlayMe\plugins\MSIE.dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
            "{0b876028-b388-4f6d-922f-f52faec8535f}"= "c:\program files\WeFiBar\tbWeF1.dll" [2010-10-13 2735200]

            [HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
            "{0B876028-B388-4F6D-922F-F52FAEC8535F}"= "c:\program files\WeFiBar\tbWeF1.dll" [2010-10-13 2735200]

            [HKEY_CLASSES_ROOT\clsid\{0b876028-b388-4f6d-922f-f52faec8535f}]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-17 1230848]
            "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
            "slide.exe"="c:\program files\slide\slide.exe" [2007-06-08 37760]
            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-18 68856]
            "wefi"="c:\program files\WeFi\WeFi.exe" [2010-03-16 531800]
            "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-11-28 208952]
            "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
            "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
            "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
            "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
            "VisualTooltip"="c:\program files\Utilities\VisualTooltip\VisualToolTip.exe" [2007-04-25 956928]
            "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
            "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
            "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
            "LManager"="c:\progra~1\Launch Manager\QtZgAcer.EXE" [2007-10-16 707080]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 851968]
            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-12 142104]
            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-12 162584]
            "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-12 138008]
            "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
            "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
            "WinampAgent"="c:\progra~1\Winamp\winampa.exe" [2008-01-15 37376]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
            "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
            "WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2008-02-12 456024]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
            "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
            "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-14 428032]
            "OutpostMonitor"="c:\progra~1\Agnitum\Outpost Firewall\op_mon.exe" [2009-04-14 2374464]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-05-17 1230848]
            "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "nltide_3"="advpack.dll" [2010-05-04 124928]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-4-4 295606]
            Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
            Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-4 113664]
            Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-11-13 161160]
            Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

            [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
            "NoSMHelp"= 1 (0x1)

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
            Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
            @="Service"

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\FlashGet\\flashget.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
            "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
            "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
            "c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"=
            "c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
            "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
            "c:\\Program Files\\Windows Live\\Messenger\\wlcstart.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "443:UDP"= 443:UDP:ooVoo UDP port 443
            "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
            "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
            "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
            "57145:TCP"= 57145:TCP:Pando P2P TCP Listening Port
            "57145:UDP"= 57145:UDP:Pando P2P UDP Listening Port
            "443:TCP"= 443:TCP:ooVoo TCP port 443

            R0 iastor76;iastor76;c:\windows\system32\drivers\iastor76.sys [28/11/2550 14:15 305176]
            R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/10/2553 0:24 704384]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/2/2553 1:25 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/5/2553 1:41 67656]
            R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\Outpost Firewall\acs.exe [5/10/2553 0:22 1195008]
            R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [9/2/2551 11:58 941784]
            R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/10/2553 0:22 31128]
            R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/10/2553 0:23 257432]
            R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [19/3/2551 18:31 5632]
            R3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [16/3/2553 22:23 133976]
            R3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\drivers\winbondhidcir.sys [19/3/2551 18:31 21504]
            S2 gupdate;บริการอัปเดตของ Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/2/2553 13:15 135664]
            S4 Netsipksa;Netsipksa;
            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
            2004-08-04 00:56   11776   ----a-w-   c:\program files\Windows Sidebar\regsvr32.exe

            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
            2004-08-04 00:56   11776   ----a-w-   c:\program files\Windows Sidebar\regsvr32.exe
            .
            Contents of the 'Scheduled Tasks' folder

            2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 06:15]

            2010-10-15 c:\windows\Tasks\At1.job
            - c:\documents and settings\All Users\Application Data\uPlayMe\upm_updater.exe [2008-11-04 10:57]

            2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 06:15]

            2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 06:15]

            2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-823518204-839522115-500Core.job
            - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-14 00:31]

            2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-823518204-839522115-500UA.job
            - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-14 00:31]

            2010-10-15 c:\windows\Tasks\User_Feed_Synchronization-{35027088-877E-4750-AFDC-82F9A98F483B}.job
            - c:\windows\system32\msfeedssync.exe [2008-03-19 16:58]

            2010-10-15 c:\windows\Tasks\WGASetup.job
            - c:\windows\system32\KB905474\wgasetup.exe [2010-10-10 15:18]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
            .
            - - - - ORPHANS REMOVED - - - -

            WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
            HKCU-Run-PoivY - c:\program files\PoivY.com\PoivY\PoivY.exe
            HKLM-Run-BroadcomWireless - c:\program files\Broadcom\Wireless\Utility\WlanUtil.exe
            HKLM-Run-uPlayMe - c:\program files\uPlayMe\uPlayMe.exe
            SafeBoot-AVG Anti-Spyware Driver
            ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - HIDEC


            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(1412)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll
            .
            Completion time: 2010-10-15  11:15:10
            ComboFix-quarantined-files.txt  2010-10-15 04:15

            Pre-Run: 38,747,570,176 bytes free
            Post-Run: 38,793,187,328 bytes free

            WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            UnsupportedDebug="do not select this" /debug
            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

            - - End Of File - - C6C8A719FA11F49AD0C642469BDEBE4D

            SuperDave
            Re: Another PC with issues
            « Reply #6 on: October 15, 2010, 12:50:43 PM »
            I noticed in the log that there are two firewalls. Please make sure that you don't enable more than one.

            Please download 7-Zip and install it. If you already have it, no need to reinstall.

            Then, download RootkitUnhooker and save the setup to your Desktop.

            • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
            • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
            • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
            • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
            • Once inside the interface, do not fix anything. Click on the Report tab.
            • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
            • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
            • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

            TylerDoom
              Re: Another PC with issues
              « Reply #7 on: October 15, 2010, 11:45:27 PM »
              Thanks for your time and support SuperDave.

              Here is the Log for RKU:

              RkU Version: 3.8.388.590, Type LE (SR2)
              ==============================================
              OS Name: Windows XP
              Version 5.1.2600 (Service Pack 2)
              Number of processors #2
              ==============================================
              >SSDT State
              ==============================================
              ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D4E98-->9A1FEA60 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtClose, Type: Address change 0x805BAF74-->9A1E3BF0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x805A30A6-->9A200920 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80577ECA-->9A1DFF60 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x80622142-->9A1EB090 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805CFAE4-->9A1F72B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805CFA2E-->9A1F7BB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x805A9E9E-->9A1DED10 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805C36A8-->9A1EAE40 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805CF8CC-->9A1F5D70 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x806412A2-->9A203F30 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtDeleteFile, Type: Address change 0x80575AB2-->9A1E9B20 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x806225DE-->9A1EC900 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x806227AE-->9A1F33A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80582EA6-->9A1F4BB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtMakeTemporaryObject, Type: Address change 0x805BB018-->9A1EA6B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x80578FC8-->9A1E2C10 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x806234E4-->9A1EBFC0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C9D0E-->9CA258AC [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys]
              ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805A8EC2-->9A1DF580 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C9F9A-->9A1F9060 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B6E62-->9A1FFDA0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x80578CAA-->9A1E48A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80623824-->9A1EE750 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806201E8-->9A1EEFA0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x805CFB2A-->9A1FDED0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80621B68-->9A1F2590 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x80623D4A-->9A1F0500 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtRequestPort, Type: Address change 0x805A1520-->9A202A50 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x805A184C-->9A202D70 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80620536-->9A1F1D20 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSaveKey, Type: Address change 0x806205D8-->9A1F0C80 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSaveKeyEx, Type: Address change 0x80620668-->9A1F14D0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A283A-->9A201480 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805CFFEE-->9A1FD440 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSetInformationDebugObject, Type: Address change 0x80640D3C-->9A204520 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSetInformationFile, Type: Address change 0x80579E30-->9A1E5BF0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060DC1E-->9A1F41C0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806207EE-->9A1EF820 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805D32D8-->9A1FC190 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D314A-->9A1FCAC0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x80615F98-->9A203770 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D1238-->9CA25812 [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys]
              ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D1432-->9A1FB620 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtUnloadDriver, Type: Address change 0x8058303A-->9A1F5530 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B2E10-->9A1FF2B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ==============================================
              >Shadow
              ==============================================
              win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F5689-->9A2081A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8670A0-->9A207DB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C962-->9A2076B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80F06A-->9A205ED0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserPostMessage, Type: Address change 0xBF80851A-->9A2053D0 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF8716EB-->9A205760 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF916778-->9A208600 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserSendInput, Type: Address change 0xBF8C333C-->9A207380 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8BA260-->9A206290 [C:\WINDOWS\system32\drivers\SandBox.sys]
              win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F9A43-->9A206A60 [C:\WINDOWS\system32\drivers\SandBox.sys]
              ==============================================
              >Processes
              ==============================================
              0x8A642660 [4] System
              0x898E39E0 [248] C:\Program Files\LClock\LClock.exe (-, LClock Application)
              0x89870330 [252] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
              0x8936C020 [292] C:\Program Files\WeFi\WefiEngSvc.exe (WeFi, WefiEngSvc.exe)
              0x898816B8 [312] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
              0x894DA020 [340] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x895C58B0 [532] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG, Nero Home)
              0x866B1440 [700] C:\Program Files\Slide\Slide.exe (Slide, Inc., Slide)
              0x8642F260 [736] C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG, Nero Home)
              0x86512810 [752] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
              0x86471800 [776] C:\Program Files\WeFi\WeFi.exe (WeFi, WeFi Application)
              0x865C23D8 [800] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
              0x8939B020 [836] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
              0x898533A8 [920] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
              0x899E9020 [996] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x8673DDA0 [1108] C:\Program Files\CyberLink\Shared files\RichVideo.exe (-, RichVideo Module)
              0x86774DA0 [1128] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp., Microsoft SeaPort Search Enhancement Broker)
              0x894F77A0 [1136] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
              0x86773BC0 [1200] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x89A98020 [1336] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
              0x8991EAB8 [1388] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
              0x8988C440 [1412] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
              0x89833DA0 [1456] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
              0x898374D8 [1468] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
              0x8938BBC8 [1620] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x893B7020 [1708] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x89559020 [1748] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x893CD020 [1772] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation., Bluetooth Support Server)
              0x8935D020 [1872] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
              0x899E1020 [1972] C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems, Agere Soft Modem Call Progress Service)
              0x89BBD818 [1988] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc., Apple Mobile Device Service)
              0x89617DA0 [2012] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o., AVG Anti-Spyware guard)
              0x89B14DA0 [2024] C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation, B's Recorder GOLD Service Library)
              0x864099B8 [2140] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module)
              0x865D4AE8 [2320] C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation, Windows Genuine Advantage Notification)
              0x8994AA28 [2340] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
              0x866AA768 [2472] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
              0x865FB3A8 [2672] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
              0x8643A910 [2864] C:\Documents and Settings\Administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\cabNcnGxAt.exe (UG North, RKULE, SR2 Normandy)
              0x895F34E8 [3060] C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG, Nero Home)
              0x89395020 [3172] C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd., -)
              0x86564440 [3196] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation., Bluetooth Tray Application)
              0x86474AE8 [3340] C:\WINDOWS\VistaDrive\vistadrive.exe (-, -)
              0x8643DDA0 [3348] C:\Program Files\Unlocker\UnlockerAssistant.exe
              0x86421020 [3360] C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe (Christian Salmon, Affiche les miniatures des fenêtres dans la barre des taches au passage du curseur de la souris)
              0x866FE558 [3408] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
              0x8648F588 [3452] C:\PROGRA~1\Launch Manager\QtZgAcer.EXE (Dritek System Inc., Launch Manager)
              0x895E5020 [3460] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
              0x89953B28 [3472] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation, igfxTray Module)
              0x898B1020 [3496] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
              0x866C1958 [3512] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
              0x89437260 [3536] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
              0x898B0448 [3544] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
              0x866D3DA0 [3608] C:\PROGRA~1\Winamp\winampa.exe
              0x866C4BC0 [3644] C:\WINDOWS\system32\igfxext.exe (Intel Corporation, igfxext Module)
              0x865BA630 [3668] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
              0x86374DA0 [3688] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
              0x8649E020 [3756] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper Module)
              0x8651C9A0 [3796] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc., AcroTray)
              0x866CDBC8 [3804] C:\Program Files\WebcamMax\wcmmon.exe
              0x86762620 [3848] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp., Realtek HD Audio Data Rerouter)
              0x864277D8 [3872] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd., Activation Licensing Service)
              0x863CB368 [3924] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
              0x866CFDA0 [4016] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o., AVG Anti-Spyware)
              0x899BD620 [4064] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
              0x8959D8B0 [4084] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
              0x89A90BC8 [1968] C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd., Agnitum Outpost Service)
              0x895C4020 [4056] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd., Outpost User Interface)
              ==============================================
              >Drivers
              ==============================================
              0xB76C9000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
              0x9A587000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4575232 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
              0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
              0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
              0x804D7000 PnpManager 2142208 bytes
              0x804D7000 RAW 2142208 bytes
              0x804D7000 WMIxWDM 2142208 bytes
              0xBF800000 Win32k 1851392 bytes
              0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
              0x99A74000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1732608 bytes (-, USB2.0 PC Camera driver)
              0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
              0x9A46A000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
              0xB59F3000 C:\WINDOWS\system32\DRIVERS\CamthWDM.sys 937984 bytes
              0xB5AD8000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 856064 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
              0x927B5000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 815104 bytes
              0xB9E44000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
              0xB9D7D000 iastor76.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
              0x9A1DE000 C:\WINDOWS\system32\drivers\SandBox.sys 700416 bytes (Agnitum Ltd., Host Protection Component)
              0xB75D8000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
              0xB9CA7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
              0xB5876000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
              0xB74B9000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
              0x99C2E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
              0xB591E000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
              0x9A3B7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
              0x92653000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
              0xB7534000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
              0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
              0x91D93000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
              0xB7449000 C:\WINDOWS\system32\drivers\afwcore.sys 253952 bytes (Agnitum Ltd., Agnitum Firewall Core Driver)
              0xB7487000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
              0xB5977000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
              0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
              0x9274A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
              0xB9C7A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
              0xB75AD000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
              0x90AD5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
              0x99C9D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
              0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
              0x9A36D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
              0x92777000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
              0x9253B000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 163840 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
              0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
              0xB766C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
              0xB5852000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
              0xB7691000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
              0x9287C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
              0xB59D0000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
              0x9A34B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
              0x9A395000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 139264 bytes (Microsoft Corporation, IP Network Address Translator)
              0x9A289000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
              0x806E2000 ACPI_HAL 134400 bytes
              0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
              0xB9D5D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
              0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
              0xB9C60000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
              0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
              0xB9D34000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
              0xB59B9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
              0x9279F000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
              0x92396000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
              0xB7585000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
              0xB7599000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
              0xB76B5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
              0x9A40F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
              0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
              0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
              0xB9D4B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
              0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
              0xB59A8000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
              0x92970000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
              0xBA298000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
              0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
              0xB9531000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
              0xB9511000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
              0x9CB47000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
              0xB7C48000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
              0xBA0B8000 ohci1394.sys 61440 bytes
              0xBA238000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
              0x9994D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
              0x9D395000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
              0x9C263000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
              0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
              0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
              0xBA278000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
              0xB7C98000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
              0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
              0xBA258000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
              0xB9541000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
              0xB7C78000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
              0xB7CA8000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
              0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
              0xB7C88000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
              0xBA248000 C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys 45056 bytes (Winbond Electronics Corporation, Winbond HID CIR Receiver)
              0xB9561000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
              0xB7C58000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
              0xBA288000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
              0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
              0x9C223000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
              0xBA268000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
              0xBA228000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
              0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
              0xB7C68000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
              0x9CB57000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
              0x90A75000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
              0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
              0x9CB67000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
              0xBA448000 C:\WINDOWS\system32\DRIVERS\hidshim.sys 32768 bytes (Windows (R) Codename Longhorn DDK provider, SHIM filter for KMDF HIDMINI driver)
              0x9D345000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
              0x9C9DA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
              0xBA3C0000 C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 32768 bytes (Microsoft Corporation, NWLINK2 Forwarder Driver)
              0xBA440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
              0xBA378000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
              0xBA470000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
              0xBA450000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
              0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
              0x9C9AA000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
              0xBA478000 C:\WINDOWS\system32\DRIVERS\afw.sys 24576 bytes (Agnitum Ltd., Agnitum Firewall NDIS Driver)
              0xBA460000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
              0xBA468000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
              0x9C9D2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
              0xBA438000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
              0x9C9EA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
              0xBA458000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
              0x9C9E2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
              0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
              0xBA368000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
              0xBA370000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
              0xBA480000 C:\WINDOWS\system32\drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
              0x93893000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
              0x92477000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
              0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
              0xB8E4E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
              0x9E7C9000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
              0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
              0xB9BFB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
              0x924A7000 C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16384 bytes (Microsoft Corporation, NWLINK2 Traffic Filter Driver)
              0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
              0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
              0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
              0x93863000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
              0xBA578000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
              0x9C310000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
              0xB8E4A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
              0xBA5C4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
              0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
              0xBA5C2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
              0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
              0xBA5C6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
              0xBA5C8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
              0xBA5F2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
              0xBA5EC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
              0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
              0xBA6CF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
              0x9CD06000 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
              0x9354A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
              0x9CA25000 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 4096 bytes
              0x9CD07000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
              0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
              0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
              ==============================================
              >Stealth
              ==============================================
              ==============================================
              >Files
              ==============================================
              !-->[Hidden] C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_cqw.cfs
              !-->[Hidden] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J22DFUP5\HessianService[1]
              !-->[Hidden] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J22DFUP5\vepunkmetal;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=all+at+once+the+fray;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=6541349276578419[1]7
              !-->[Hidden] C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf
              ==============================================
              >Hooks
              ==============================================
              ntkrnlpa.exe+0x0002C9D0, Type: Inline - RelativeCall 0x805039D0-->805F3100 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CA10, Type: Inline - RelativeCall 0x80503A10-->80577FD8 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CA28, Type: Inline - RelativeCall 0x80503A28-->9A1F7BB0 [SandBox.sys]
              ntkrnlpa.exe+0x0002CA3C, Type: Inline - RelativeCall 0x80503A3C-->9A1F5D70 [SandBox.sys]
              ntkrnlpa.exe+0x0002CA64, Type: Inline - RelativeCall 0x80503A64-->805F320C [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CA72, Type: Inline - RelativeCall 0x80503A72-->80578090 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CAF0, Type: Inline - RelativeCall 0x80503AF0-->80623E9A [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CB10, Type: Inline - RelativeCall 0x80503B10-->805B3E5A [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CB3C, Type: Inline - RelativeCall 0x80503B3C-->80576834 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CB60, Type: Inline - RelativeCall 0x80503B60-->80613026 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CB6C, Type: Inline - RelativeCall 0x80503B6C-->805EBFF4 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CBEC, Type: Inline - RelativeCall 0x80503BEC-->80621310 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CC3C, Type: Inline - RelativeCall 0x80503C3C-->8054414C [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CC6C, Type: Inline - RelativeCall 0x80503C6C-->805A3FC2 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CC88, Type: Inline - RelativeCall 0x80503C88-->9A202D70 [SandBox.sys]
              ntkrnlpa.exe+0x0002CCA8, Type: Inline - RelativeCall 0x80503CA8-->80620734 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CCC0, Type: Inline - RelativeCall 0x80503CC0-->8064402A [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CCE8, Type: Inline - RelativeCall 0x80503CE8-->9A1E5BF0 [SandBox.sys]
              ntkrnlpa.exe+0x0002CD48, Type: Inline - RelativeCall 0x80503D48-->8057AEF0 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CD60, Type: Inline - RelativeCall 0x80503D60-->9A203770 [SandBox.sys]
              ntkrnlpa.exe+0x0002CD84, Type: Inline - RelativeCall 0x80503D84-->80620AB6 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0002CDC0, Type: Inline - RelativeCall 0x80503DC0-->80503FF4 [ntkrnlpa.exe]
              ntkrnlpa.exe+0x0006DF0E, Type: Inline - RelativeJump 0x80544F0E-->80544F15 [ntkrnlpa.exe]
              tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0x9A3F60D4-->B7452906 [afwcore.sys]
              wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0x9CB6CB3C-->B7452906 [afwcore.sys]
              [2472]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
              [2472]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
              [2472]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
              [2472]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A8-->00000000 [shimeng.dll]
              [2472]explorer.exe-->shell32.dll-->SHFileOperationW, Type: Inline - RelativeJump 0x7CA6FDEE-->00000000 [UnlockerHook.dll]
              [2472]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E411338-->00000000 [shimeng.dll]
              [2472]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
              [2472]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB115C-->00000000 [shimeng.dll]
              [3668]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004631C0-->00000000 [unknown_code_page]
              [3668]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
              [3668]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
              [3668]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
              [3688]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004631C0-->00000000 [unknown_code_page]
              [3688]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
              [3688]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
              [3688]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]


              !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

              SuperDave
              Re: Another PC with issues
              « Reply #8 on: October 16, 2010, 01:24:37 PM »
              Download OTM by OldTimer to your desktop.

              Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

              * Save it to your Desktop.
              * Double-click OTM.exe to run it.
              * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

              Code:
              :files
              C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\idx\_cqw.cfs
              C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J22DFUP5\HessianService
              C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J22DFUP5\vepunkmetal;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=all+at+once+the+fray;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=6541349276578419
              C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf

              :Commands
              [purity]
              [emptytemp]
              [start explorer]
              [Reboot]

              * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
              * Click the red Moveit! button.
              * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
              * Close OTM.

              Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
              Windows 8 and Windows 10 dual boot with two SSD's

                TylerDoom
                Re: Another PC with issues
                « Reply #9 on: October 16, 2010, 11:49:18 PM »
                TY SD, here is the OTM report:

                User: user
                 
                %systemdrive% .tmp files removed: 0 bytes
                %systemroot% .tmp files removed: 2142714 bytes
                %systemroot%\System32 .tmp files removed: 2577 bytes
                %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                %systemroot%\System32\drivers .tmp files removed: 0 bytes
                Windows Temp folder emptied: 52466 bytes
                %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                RecycleBin emptied: 10577216 bytes
                 
                Total Files Cleaned = 81.00 mb
                 
                 
                OTM by OldTimer - Version 3.1.16.1 log created on 10172010_124050

                Files moved on Reboot...

                Registry entries deleted on Reboot...

                SuperDave
                Re: Another PC with issues
                « Reply #10 on: October 17, 2010, 11:31:01 AM »
                Ok. Now run RootKitUnhooker again and post the log.
                Windows 8 and Windows 10 dual boot with two SSD's

                  TylerDoom
                  Re: Another PC with issues
                  « Reply #11 on: October 17, 2010, 08:05:28 PM »
                  Alright SuperDave, here is the RKU log. Thanks:

                  RkU Version: 3.8.388.590, Type LE (SR2)
                  ==============================================
                  OS Name: Windows XP
                  Version 5.1.2600 (Service Pack 2)
                  Number of processors #2
                  ==============================================
                  >SSDT State
                  ==============================================
                  ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D4E98-->A18FAA60 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtClose, Type: Address change 0x805BAF74-->A18DFBF0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x805A30A6-->A18FC920 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80577ECA-->A18DBF60 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x80622142-->A18E7090 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805CFAE4-->A18F32B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805CFA2E-->A18F3BB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x805A9E9E-->A18DAD10 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805C36A8-->A18E6E40 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805CF8CC-->A18F1D70 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x806412A2-->A18FFF30 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtDeleteFile, Type: Address change 0x80575AB2-->A18E5B20 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x806225DE-->A18E8900 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x806227AE-->A18EF3A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80582EA6-->A18F0BB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtMakeTemporaryObject, Type: Address change 0x805BB018-->A18E66B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x80578FC8-->A18DEC10 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x806234E4-->A18E7FC0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C9D0E-->9FDEE8AC [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys]
                  ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805A8EC2-->A18DB580 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C9F9A-->A18F5060 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B6E62-->A18FBDA0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x80578CAA-->A18E08A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80623824-->A18EA750 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806201E8-->A18EAFA0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x805CFB2A-->A18F9ED0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80621B68-->A18EE590 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x80623D4A-->A18EC500 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtRequestPort, Type: Address change 0x805A1520-->A18FEA50 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x805A184C-->A18FED70 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80620536-->A18EDD20 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSaveKey, Type: Address change 0x806205D8-->A18ECC80 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSaveKeyEx, Type: Address change 0x80620668-->A18ED4D0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A283A-->A18FD480 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805CFFEE-->A18F9440 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSetInformationDebugObject, Type: Address change 0x80640D3C-->A1900520 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSetInformationFile, Type: Address change 0x80579E30-->A18E1BF0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060DC1E-->A18F01C0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806207EE-->A18EB820 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805D32D8-->A18F8190 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D314A-->A18F8AC0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x80615F98-->A18FF770 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D1238-->9FDEE812 [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys]
                  ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D1432-->A18F7620 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtUnloadDriver, Type: Address change 0x8058303A-->A18F1530 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B2E10-->A18FB2B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ==============================================
                  >Shadow
                  ==============================================
                  win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F5689-->A19041A0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8670A0-->A1903DB0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C962-->A19036B0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80F06A-->A1901ED0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserPostMessage, Type: Address change 0xBF80851A-->A19013D0 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF8716EB-->A1901760 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF916778-->A1904600 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserSendInput, Type: Address change 0xBF8C333C-->A1903380 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8BA260-->A1902290 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F9A43-->A1902A60 [C:\WINDOWS\system32\drivers\SandBox.sys]
                  ==============================================
                  >Processes
                  ==============================================
                  0x8A642660 [4] System
                  0x89891DA0 [160] C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation, B's Recorder GOLD Service Library)
                  0x863C05A8 [240] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
                  0x8963B810 [260] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
                  0x8980A2E8 [324] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
                  0x899A3AF8 [348] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x86499B00 [784] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation., Bluetooth Tray Application)
                  0x86874798 [800] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
                  0x865F0798 [844] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x8987E870 [880] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
                  0x868EDBC0 [1016] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x867A8020 [1108] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
                  0x89A4D838 [1336] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
                  0x862DAB00 [1372] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
                  0x899BF848 [1384] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
                  0x8969FDA0 [1412] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
                  0x8963C480 [1456] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
                  0x8965ADA0 [1468] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
                  0x89AA9A60 [1628] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x86941020 [1652] C:\Program Files\CyberLink\Shared files\RichVideo.exe (-, RichVideo Module)
                  0x89664DA0 [1716] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x89656020 [1756] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x869AD020 [1780] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation., Bluetooth Support Server)
                  0x896CE7A8 [1832] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                  0x865FA800 [1888] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp., Microsoft SeaPort Search Enhancement Broker)
                  0x8966E9F0 [2000] C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems, Agere Soft Modem Call Progress Service)
                  0x899059E0 [2016] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc., Apple Mobile Device Service)
                  0x89B7CC50 [2028] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o., AVG Anti-Spyware guard)
                  0x866B6AF0 [2120] C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG, Nero Home)
                  0x863CFAF8 [2156] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
                  0x866C7AE8 [2208] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module)
                  0x86559800 [2404] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
                  0x863BC9B0 [2576] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)
                  0x8679D300 [2624] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
                  0x86494DA0 [2808] C:\WINDOWS\VistaDrive\vistadrive.exe (-, -)
                  0x864A2710 [2820] C:\Program Files\Unlocker\UnlockerAssistant.exe
                  0x86484DA0 [2828] C:\Program Files\Utilities\VisualTooltip\VisualToolTip.exe (Christian Salmon, Affiche les miniatures des fenêtres dans la barre des taches au passage du curseur de la souris)
                  0x86477768 [2848] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
                  0x864863B8 [2892] C:\PROGRA~1\Launch Manager\QtZgAcer.EXE (Dritek System Inc., Launch Manager)
                  0x86465AF0 [2900] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
                  0x864615C0 [2912] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation, igfxTray Module)
                  0x86465620 [2928] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
                  0x864469B0 [2936] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
                  0x86447948 [2964] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
                  0x864496C8 [2988] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
                  0x8644D8D8 [3072] C:\PROGRA~1\Winamp\winampa.exe
                  0x864509F0 [3096] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper Module)
                  0x865C53F0 [3104] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc., AcroTray)
                  0x8684E260 [3116] C:\Program Files\WebcamMax\wcmmon.exe
                  0x865C47B8 [3144] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o., AVG Anti-Spyware)
                  0x865BB690 [3180] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
                  0x865B1C48 [3192] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
                  0x863F33B0 [3220] C:\Program Files\LClock\LClock.exe (-, LClock Application)
                  0x863FE998 [3232] C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd., Activation Licensing Service)
                  0x863F9DA0 [3256] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG, Nero Home)
                  0x8659FBD0 [3312] C:\WINDOWS\system32\igfxext.exe (Intel Corporation, igfxext Module)
                  0x86776BC0 [3408] C:\Program Files\Slide\Slide.exe (Slide, Inc., Slide)
                  0x865E3590 [3440] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
                  0x865FF518 [3468] C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation, Windows Genuine Advantage Notification)
                  0x865CB020 [3480] C:\Program Files\WeFi\WeFi.exe (WeFi, WeFi Application)
                  0x89BA39E0 [3508] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)
                  0x865FEB68 [3528] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
                  0x869A53E8 [3548] C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG, Nero Home)
                  0x89524810 [3716] C:\Program Files\WeFi\WefiEngSvc.exe (WeFi, WefiEngSvc.exe)
                  0x8964C580 [3784] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
                  0x866B9948 [3924] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp., Realtek HD Audio Data Rerouter)
                  0x8664F9E8 [4008] C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd., -)
                  0x898E8388 [4020] C:\Documents and Settings\Administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\cabNcnGxAt.exe (UG North, RKULE, SR2 Normandy)
                  0x8900CDA0 [1992] C:\PROGRA~1\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd., Agnitum Outpost Service)
                  0x8642C818 [3172] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd., Outpost User Interface)
                  ==============================================
                  >Drivers
                  ==============================================
                  0xB7CBB000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5763072 bytes (Intel Corporation, Intel Graphics Miniport Driver)
                  0xA222C000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4575232 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
                  0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
                  0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
                  0x804D7000 PnpManager 2142208 bytes
                  0x804D7000 RAW 2142208 bytes
                  0x804D7000 WMIxWDM 2142208 bytes
                  0xBF800000 Win32k 1851392 bytes
                  0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
                  0x9F78A000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1732608 bytes (-, USB2.0 PC Camera driver)
                  0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
                  0xA210F000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
                  0xB749E000 C:\WINDOWS\system32\DRIVERS\CamthWDM.sys 937984 bytes
                  0xB7583000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 856064 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
                  0x98243000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 815104 bytes
                  0xB9E44000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
                  0xB9D7D000 iastor76.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
                  0xA18DA000 C:\WINDOWS\system32\drivers\SandBox.sys 700416 bytes (Agnitum Ltd., Host Protection Component)
                  0xB7BCA000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
                  0xB9CA7000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
                  0xB7349000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
                  0xB7AAB000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
                  0x9F6F0000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
                  0xB73C9000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
                  0xA1A13000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
                  0x980E1000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
                  0xB7B26000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
                  0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
                  0x978E9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
                  0xB7A3B000 C:\WINDOWS\system32\drivers\afwcore.sys 253952 bytes (Agnitum Ltd., Agnitum Firewall Core Driver)
                  0xB7A79000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
                  0xB7422000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
                  0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
                  0x981D8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
                  0xB9C7A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
                  0xB7B9F000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
                  0x95A81000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
                  0x9F75F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
                  0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
                  0xA19C9000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
                  0x98205000 C:\WINDOWS\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
                  0x97F16000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 163840 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
                  0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
                  0xB7C5E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
                  0xB7325000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
                  0xB7C83000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
                  0x9830A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
                  0xB747B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
                  0xA19A7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
                  0xA19F1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 139264 bytes (Microsoft Corporation, IP Network Address Translator)
                  0xA1985000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
                  0x806E2000 ACPI_HAL 134400 bytes
                  0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
                  0xB9D5D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
                  0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
                  0xB9C60000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
                  0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
                  0xB9D34000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
                  0xB7464000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
                  0x9822D000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
                  0x97FDC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
                  0xB7B77000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
                  0xB7B8B000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
                  0xB7CA7000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
                  0xA1A6B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
                  0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
                  0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
                  0xB9D4B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
                  0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
                  0xB7453000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
                  0xB82CA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
                  0xB8AA1000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
                  0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
                  0xBA288000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
                  0xBA268000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
                  0xA1BE5000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
                  0xBA2C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
                  0xBA0B8000 ohci1394.sys 61440 bytes
                  0xBA298000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
                  0xBA188000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
                  0xA4770000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
                  0xA7075000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
                  0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
                  0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
                  0xB8AC1000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
                  0xB825A000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
                  0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
                  0xB8AE1000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
                  0xBA258000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
                  0xB823A000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
                  0xB826A000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
                  0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
                  0xB824A000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
                  0xB8AF1000 C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys 45056 bytes (Winbond Electronics Corporation, Winbond HID CIR Receiver)
                  0xBA2D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
                  0xBA2B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
                  0xB8AB1000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
                  0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
                  0xA056C000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
                  0xB8AD1000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
                  0xBA318000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
                  0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
                  0xBA2A8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
                  0xA1BF5000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
                  0x95D27000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
                  0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
                  0xA1C15000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
                  0xBA440000 C:\WINDOWS\system32\DRIVERS\hidshim.sys 32768 bytes (Windows (R) Codename Longhorn DDK provider, SHIM filter for KMDF HIDMINI driver)
                  0xA645C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
                  0xA3AD7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
                  0x9FCD2000 C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 32768 bytes (Microsoft Corporation, NWLINK2 Forwarder Driver)
                  0xBA438000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
                  0xBA380000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
                  0xBA468000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
                  0xBA448000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
                  0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
                  0xA0417000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
                  0xBA470000 C:\WINDOWS\system32\DRIVERS\afw.sys 24576 bytes (Agnitum Ltd., Agnitum Firewall NDIS Driver)
                  0xBA458000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
                  0xBA460000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
                  0xA3ACF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
                  0xBA430000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
                  0xA4945000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
                  0xBA450000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
                  0xA3ADF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
                  0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
                  0xBA370000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
                  0xBA378000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
                  0xBA478000 C:\WINDOWS\system32\drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
                  0x992B3000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
                  0x97C9A000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
                  0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
                  0xB94ED000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
                  0xB7311000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
                  0xBA598000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
                  0xB9BF7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
                  0x97BDA000 C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16384 bytes (Microsoft Corporation, NWLINK2 Traffic Filter Driver)
                  0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
                  0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
                  0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
                  0x98F12000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
                  0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
                  0xA3D95000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
                  0xB94E9000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
                  0xBA5B0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
                  0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
                  0xBA5AE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
                  0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
                  0xBA5B4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
                  0xBA5B6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
                  0xBA5EC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
                  0xBA5E6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
                  0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
                  0xBA782000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
                  0xA46CD000 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
                  0x9A43A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
                  0x9FDEE000 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 4096 bytes
                  0xA46CE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
                  0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
                  0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
                  ==============================================
                  >Stealth
                  ==============================================
                  ==============================================
                  >Files
                  ==============================================
                  ==============================================
                  >Hooks
                  ==============================================
                  ntkrnlpa.exe+0x0002CA10, Type: Inline - RelativeJump 0x80503A10-->805039A5 [ntkrnlpa.exe]
                  ntkrnlpa.exe+0x0002CC88, Type: Inline - RelativeJump 0x80503C88-->ED70A18F [unknown_code_page]
                  ntkrnlpa.exe+0x0006DF0E, Type: Inline - RelativeJump 0x80544F0E-->80544F15 [ntkrnlpa.exe]
                  tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xA1A520D4-->B7A44906 [afwcore.sys]
                  wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xA1C1AB3C-->B7A44906 [afwcore.sys]
                  [240]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004631C0-->00000000 [unknown_code_page]
                  [240]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
                  [240]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
                  [240]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
                  [2576]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004631C0-->00000000 [unknown_code_page]
                  [2576]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
                  [2576]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
                  [2576]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
                  [800]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
                  [800]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
                  [800]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
                  [800]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A8-->00000000 [shimeng.dll]
                  [800]explorer.exe-->shell32.dll-->SHFileOperationW, Type: Inline - RelativeJump 0x7CA6FDEE-->00000000 [UnlockerHook.dll]
                  [800]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E411338-->00000000 [shimeng.dll]
                  [800]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
                  [800]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB115C-->00000000 [shimeng.dll]


                  !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
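A small triage helper for hook-scan lines in the shape of the log above, added here as an example (it is neither the scanner's code nor anything posted in the thread): it parses each entry and separates hooks owned by a module the analyst has already cleared from ones the scanner could not attribute to any loaded module ("unknown_code_page"), which are the entries worth examining first. The vetted set and the sample lines are constructed for the example.

```python
"""Triage helper for hook-scan lines shaped like the log above:
   [pid]process-->module-->function, Type: <kind> 0xOLD-->NEW [owner]"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<chain>\S+?), Type: (?P<kind>.+?) "
    r"0x(?P<src>[0-9A-Fa-f]{8})-->(?P<dst>[0-9A-Fa-f]{8}) \[(?P<owner>[^\]]+)\]$"
)

def parse_hook(line):
    """Return a dict for one hook entry, or None if the line is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    parts = d.pop("chain").split("-->")   # process/driver, import chain, function
    d["process"] = parts[0]
    d["function"] = parts[-1]
    d["pid"] = int(d["pid"]) if d["pid"] else None
    return d

def triage(lines, vetted_owners):
    """Group hooks by process; count those owned by an already-cleared module as
    'vetted' and list everything else as 'suspect'. 'unknown_code_page' means the
    scanner could not map the hook target to any loaded module."""
    report = defaultdict(lambda: {"vetted": 0, "suspect": []})
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        key = f"{h['process']}[{h['pid']}]" if h["pid"] is not None else h["process"]
        if h["owner"].lower() in vetted_owners:
            report[key]["vetted"] += 1
        else:
            report[key]["suspect"].append((h["function"], h["kind"], h["owner"]))
    return dict(report)

# Constructed sample lines modelled on the posted log. The vetted set is an
# assumption made for this example (shim engine, Unlocker), not a verdict on the box.
VETTED = {"shimeng.dll", "unlockerhook.dll"}
SAMPLE = [
    "wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xA1C1AB3C-->B7A44906 [afwcore.sys]",
    "[240]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004631C0-->00000000 [unknown_code_page]",
    "[240]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]",
    "[800]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A8-->00000000 [shimeng.dll]",
    "[800]explorer.exe-->shell32.dll-->SHFileOperationW, Type: Inline - RelativeJump 0x7CA6FDEE-->00000000 [UnlockerHook.dll]",
]
```

Calling triage(SAMPLE, VETTED) returns a dict keyed by process: chrome.exe[240] and wanarp.sys come back with suspect entries, explorer.exe[800] with two vetted hooks and none to chase.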

                  SuperDave

                  Re: Another PC with issues
                  « Reply #12 on: October 18, 2010, 01:01:02 PM »
                  I'd like to scan your machine with ESET OnlineScan

                  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                  • Click the button.
                  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                  • Check
                  • Click the button.
                  • Accept any security warnings from your browser.
                  • Check
                  • Push the Start button.
                  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  • When the scan completes, push
                  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  • Push the button.
                  • Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


                  TylerDoom

                    Re: Another PC with issues
                    « Reply #13 on: October 18, 2010, 08:38:05 PM »
                    ESET Scan log.
                    thanks SuperD


                    C:\Program Files\Utilities\Nirsoft\awatch.exe   
                    a variant of Win32/NirSoft.AdapterWatch.A application   cleaned by deleting - quarantined

                    C:\Program Files\Utilities\Nirsoft\axhelper.exe   
                    probably a variant of Win32/Spy.Agent.FGUGTOG trojan   cleaned by deleting - quarantined

                    C:\System Volume Information\_restore{35A05E8D-F47A-4E35-8739-C0D2F886F7B5}\RP22\A0021963.exe   
                    a variant of Win32/NirSoft.AdapterWatch.A application   cleaned by deleting - quarantined

                    C:\System Volume Information\_restore{35A05E8D-F47A-4E35-8739-C0D2F886F7B5}\RP22\A0021965.exe   
                    probably a variant of Win32/Spy.Agent.FGUGTOG trojan   cleaned by deleting - quarantined

                    SuperDave

                    Re: Another PC with issues
                    « Reply #14 on: October 20, 2010, 05:16:06 PM »
                    SysProt Antirootkit

                    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                    http://sites.google.com/site/sysprotantirootkit/

                    Unzip it into a folder on your desktop.
                    • Double click Sysprot.exe to start the program.
                    • Click on the Log tab.
                    • In the Write to log box select the following items.
                      • Process << Selected
                      • Kernel Modules << Selected
                      • SSDT << Selected
                      • Kernel Hooks << Selected
                      • IRP Hooks << NOT Selected
                      • Ports << NOT Selected
                      • Hidden Files << Selected
                    • At the bottom of the page
                      • Hidden Objects Only << Selected
                    • Click on the Create Log button on the bottom right.
                    • After a few seconds a new window should appear.
                    • Select Scan Root Drive. Click on the Start button.
                    • When it is complete a new window will appear to indicate that the scan is finished.
                    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.