Hi Dave
Log is pasted after this - have used P2P from Emule thru Limewire then Frostwire. Latterly had noticed and read about growing number of issues and have not used at all in last 6 months but never got round to deleting it. Small point though, have had to delete manually as it didn't appear in Control Panel - is that odd or not?
Anyhow, as promised, and hope it all makes sense to you!
Alex
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F757C000
Module End: F758B000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F34B7000
Module End: F34CF000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7AB0000
Module End: F7AB2000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F7914000
Module End: F791C000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7AD6000
Module End: F7AD8000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: F3A38620
Driver Base: F3A2E000
Driver End: F3A50000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 80504B08
Jump To: F726FDF4
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwUnmapViewOfSection
At Address: 805B2E48
Jump To: F726FE20
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwTerminateProcess
At Address: 805D29E2
Jump To: F726FE34
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwSetValueKey
At Address: 80622662
Jump To: F726FDCA
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwSetSecurityObject
At Address: 805C062E
Jump To: F726FDE0
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwRenameKey
At Address: 80623B12
Jump To: F726FD9E
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwOpenThread
At Address: 805CB6CC
Jump To: F726FD4C
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwOpenProcess
At Address: 805CB440
Jump To: F726FD38
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwOpenKey
At Address: 806254CE
Jump To: F726FD60
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwMapViewOfSection
At Address: 805B203A
Jump To: F726FE0A
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwDeleteValueKey
At Address: 8062475C
Jump To: F726FDB4
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwDeleteKey
At Address: 8062458C
Jump To: F726FD88
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwCreateKey
At Address: 806240F0
Jump To: F726FD74
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\HP_Owner\Cookies\
???L?
??
Status: Hidden
Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{EE1C98D5-5C6E-7C57-C992-EC9B935BBB83}\01\12-{EE1C98D5-5C6E-7C57-C992-EC9B935
Status: Hidden
Object: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{BAFAFF34-6546-1C02-5C98-D03178B14D18}\01\10-{BAFAFF34-6546-1C02-5C98-D03178B14D1
Status: Hidden
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
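A small triage helper for logs in the SysProt AntiRootkit layout shown above, added here as an example (it is not part of the post and not SysProt's own code). It parses the "Kernel Modules", "SSDT", "Kernel Hooks" and "Hidden files/folders" sections into records, then runs two cross-checks a practitioner would do by hand: does each SSDT handler address actually fall inside the driver range the log attributes it to, and do any hook jump targets land inside a module the scanner reports as hidden. The section and field names are assumed from the log above; the embedded sample is an excerpt copied from that log.

```python
"""Parse a SysProt AntiRootkit log and cross-check the addresses it reports."""
from collections import defaultdict

# Excerpt of the SysProt log posted above (a subset of its records).
SAMPLE_LOG = r"""
No Hidden Processes found
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F757C000
Module End: F758B000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F7914000
Module End: F791C000
Hidden: Yes
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: F3A38620
Driver Base: F3A2E000
Driver End: F3A50000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwTerminateProcess
At Address: 805D29E2
Jump To: F726FE34
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Hooked Function: ZwOpenProcess
At Address: 805CB440
Jump To: F726FD38
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
"""

# Assumed from the log layout: each section header, and the "key" line
# that starts a new record inside that section.
SECTION_STARTS = {
    "Kernel Modules": "Module Name",
    "SSDT": "Function Name",
    "Kernel Hooks": "Hooked Function",
    "Hidden files/folders": "Object",
}


def parse_sysprot(text):
    """Return {section: [record, ...]} where each record is a dict of 'Key: Value' lines."""
    sections = defaultdict(list)
    section = None
    record = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"*"}:      # blank or separator row
            continue
        if line.endswith(":") and line[:-1] in SECTION_STARTS:
            section, record = line[:-1], None   # new section header
            continue
        if section is None or ": " not in line:  # e.g. "No Hidden Processes found"
            continue
        key, value = line.split(": ", 1)
        if key == SECTION_STARTS[section]:       # first field of a record
            record = {key: value}
            sections[section].append(record)
        elif record is not None:
            record[key] = value
    return dict(sections)


def _in_range(addr, base, end):
    """Hex-string address check: base <= addr < end."""
    return int(base, 16) <= int(addr, 16) < int(end, 16)


def ssdt_entries_inside_driver(parsed):
    """(function, True/False): is the SSDT handler inside the driver range the log names?"""
    return [(e["Function Name"], _in_range(e["Address"], e["Driver Base"], e["Driver End"]))
            for e in parsed.get("SSDT", [])]


def hooks_by_module(parsed):
    """Group hooked functions by the module the log attributes the hook to."""
    out = defaultdict(list)
    for h in parsed.get("Kernel Hooks", []):
        out[h["Module Name"]].append(h["Hooked Function"])
    return dict(out)


def hooks_into_hidden_modules(parsed):
    """Hooks whose 'Jump To' target lands inside a module reported as Hidden: Yes."""
    hidden = [m for m in parsed.get("Kernel Modules", []) if m.get("Hidden") == "Yes"]
    return [(h["Hooked Function"], m["Module Name"])
            for h in parsed.get("Kernel Hooks", [])
            for m in hidden
            if _in_range(h["Jump To"], m["Module Base"], m["Module End"])]


if __name__ == "__main__":
    parsed = parse_sysprot(SAMPLE_LOG)
    print(ssdt_entries_inside_driver(parsed))
    print(hooks_by_module(parsed))
    print(hooks_into_hidden_modules(parsed))
```

On the excerpt, every hook in the "Kernel Hooks" section is attributed to a single module and no jump target falls inside a hidden module's range, so the grouping alone tells you which driver to look up before reading anything into the hook list. The range checks are only as good as the base/end values the scanner printed; an empty result is not proof of a clean system.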