WiredWX Hobby Weather Tools

Slow


Re: Slow
It's faster, I must say, but the Avira keeps coming up. I am scanning it right now with Avira and it has come up with 3 things. I will post the log when finished. Nothing has been downloaded since we have begun this virus cleaning session.

Re: Slow
Scratch the Avira log. The computer is worse. Nothing is being downloaded or has been downloaded. I can't even open MBAM without Avira finding a virus, and then it doesn't allow MBAM to open.

It says the virus is: C:\Windows.1\System32\Ernel32.dll

Re: Slow
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup, mouse over 7-Zip, then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: Slow
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061A344-->F7BDADF6 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805C7288-->F7BDADEC [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8061A7E0-->F7BDADFB [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8061A9B0-->F7BDAE05 [Unknown module filename]
ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x8061C568-->F7BDAE0A [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C1316-->F7BDADD8 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C15A2-->F7BDADDD [Unknown module filename]
ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x8061C418-->F7BDAE14 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x8061BD24-->F7BDAE0F [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806188B6-->F7BDAE00 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8CAA-->F7BDADE7 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x84DCAA00 [4] System
0x84B3D928 [148] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x8497CBE8 [220] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x849C2508 [232] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x8496FA50 [244] C:\Documents and Settings\Alexander\msnmsgr7.exe (Microsoft Windows, Mircosoft Messenger V.7)
0x84C2BBE8 [388] C:\WINDOWS.1\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x84CB44C8 [408] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc., DNA)
0x84967DA0 [508] C:\WINDOWS.1\explorer.exe (Microsoft Corporation, Windows Explorer)
0x84A6EC08 [552] C:\WINDOWS.1\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x84A0B900 [592] C:\WINDOWS.1\Ojuhoa.exe
0x84AA5DA0 [616] C:\WINDOWS.1\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x84A6C6E8 [656] C:\WINDOWS.1\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x84B57DA0 [700] C:\WINDOWS.1\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x84AF45D0 [712] C:\WINDOWS.1\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x84B147A8 [880] C:\WINDOWS.1\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x84C42118 [896] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A487E8 [984] C:\WINDOWS.1\system32\msiexec.exe (Microsoft Corporation, Windows® installer)
0x84B1F188 [988] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84BF1020 [1040] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x84980610 [1072] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x84A0E180 [1084] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8498FDA0 [1156] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x849D8368 [1172] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x84A507E0 [1244] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A26A98 [1284] C:\WINDOWS.1\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x849A9500 [1504] C:\WINDOWS.1\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x84577318 [1540] C:\WINDOWS.1\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x84B3F790 [1576] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x84B3C130 [1584] C:\WINDOWS.1\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x84B1BBE8 [1664] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8497F440 [1972] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x845FE1E0 [2168] C:\Documents and Settings\Alexander\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\kxSn2qJi3r.exe (UG North, RKULE, SR2 Normandy)
0x84B5DDA0 [2836] C:\WINDOWS.1\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x84CFB068 [3052] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x84977890 [3160] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x849B9DA0 [3480] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
==============================================
>Drivers
==============================================
0xF6F24000 C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 C:\WINDOWS.1\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 C:\WINDOWS.1\System32\ativvaxx.dll 2670592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF6C6D000 C:\WINDOWS.1\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS.1\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS.1\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF065000 C:\WINDOWS.1\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7369000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS.1\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF28FC000 C:\WINDOWS.1\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6B57000 C:\WINDOWS.1\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF29E1000 C:\WINDOWS.1\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEFCC1000 C:\WINDOWS.1\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS.1\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF182000 C:\WINDOWS.1\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS.1\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEF74D000 C:\WINDOWS.1\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6BDD000 C:\WINDOWS.1\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6EE1000 C:\WINDOWS.1\system32\DRIVERS\b57xp32.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF74AD000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF01E3000 C:\WINDOWS.1\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF733C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEED66000 C:\WINDOWS.1\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF296C000 C:\WINDOWS.1\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF29B9000 C:\WINDOWS.1\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF0210000 C:\WINDOWS.1\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xF7457000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF28D6000 C:\WINDOWS.1\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6C49000 C:\WINDOWS.1\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6EBD000 C:\WINDOWS.1\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6E9A000 C:\WINDOWS.1\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2997000 C:\WINDOWS.1\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS.1\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF741F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF747D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF28BA000 C:\WINDOWS.1\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF7322000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF743F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF287A000 C:\WINDOWS.1\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6C1E000 C:\WINDOWS.1\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF03A0000 C:\WINDOWS.1\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xF00B6000 C:\WINDOWS.1\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF04A6000 C:\WINDOWS.1\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xF6C35000 C:\WINDOWS.1\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6F10000 C:\WINDOWS.1\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2A3A000 C:\WINDOWS.1\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS.1\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF740D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF749C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6C0D000 C:\WINDOWS.1\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77BC000 C:\WINDOWS.1\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF765C000 C:\WINDOWS.1\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77EC000 C:\WINDOWS.1\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF768C000 C:\WINDOWS.1\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF767C000 C:\WINDOWS.1\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF766C000 C:\WINDOWS.1\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0290000 C:\WINDOWS.1\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF773C000 C:\WINDOWS.1\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF764C000 C:\WINDOWS.1\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF6AF7000 C:\WINDOWS.1\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF761C000 C:\WINDOWS.1\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76AC000 C:\WINDOWS.1\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75FC000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76CC000 C:\WINDOWS.1\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF778C000 C:\WINDOWS.1\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75EC000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76BC000 C:\WINDOWS.1\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75DC000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76FC000 C:\WINDOWS.1\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76EC000 C:\WINDOWS.1\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF760C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77CC000 C:\WINDOWS.1\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76DC000 C:\WINDOWS.1\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF775C000 C:\WINDOWS.1\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF53F000 C:\WINDOWS.1\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF779C000 C:\WINDOWS.1\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7964000 C:\WINDOWS.1\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7994000 C:\WINDOWS.1\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78C4000 C:\WINDOWS.1\system32\DRIVERS\nwlnkfwd.sys 32768 bytes (Microsoft Corporation, NWLINK2 Forwarder Driver)
0xF79A4000 C:\WINDOWS.1\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7924000 C:\WINDOWS.1\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7934000 C:\WINDOWS.1\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF797C000 C:\WINDOWS.1\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF785C000 C:\WINDOWS.1\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF792C000 C:\WINDOWS.1\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7944000 C:\WINDOWS.1\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF793C000 C:\WINDOWS.1\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF799C000 C:\WINDOWS.1\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7984000 C:\WINDOWS.1\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF798C000 C:\WINDOWS.1\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7864000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7954000 C:\WINDOWS.1\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF795C000 C:\WINDOWS.1\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF794C000 C:\WINDOWS.1\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF791C000 C:\WINDOWS.1\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF79AC000 C:\WINDOWS.1\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEF715000 C:\WINDOWS.1\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF6BD5000 C:\WINDOWS.1\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72FE000 C:\WINDOWS.1\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF04D2000 C:\WINDOWS.1\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xEF8A9000 C:\WINDOWS.1\system32\DRIVERS\nwlnkflt.sys 16384 bytes (Microsoft Corporation, NWLINK2 Traffic Filter Driver)
0xF7ABC000 C:\WINDOWS.1\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79EC000 C:\WINDOWS.1\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF6BB9000 C:\WINDOWS.1\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AB0000 C:\WINDOWS.1\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7AB4000 C:\WINDOWS.1\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AC0000 C:\WINDOWS.1\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A78000 C:\WINDOWS.1\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B08000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7AFE000 C:\WINDOWS.1\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AE0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B0A000 C:\WINDOWS.1\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AFC000 C:\WINDOWS.1\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7ADC000 C:\WINDOWS.1\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B00000 C:\WINDOWS.1\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B86000 C:\WINDOWS.1\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B02000 C:\WINDOWS.1\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AF6000 C:\WINDOWS.1\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7AF8000 C:\WINDOWS.1\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AFA000 C:\WINDOWS.1\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7ADE000 C:\WINDOWS.1\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D25000 C:\WINDOWS.1\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C5E000 C:\WINDOWS.1\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC3000 C:\WINDOWS.1\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BA4000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x057C0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 102400 bytes
0x05FD0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 1150976 bytes
0x00D80000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 118784 bytes
0x03950000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 118784 bytes
0x06790000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 118784 bytes
0x063B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 135168 bytes
0x05A60000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 151552 bytes
0x05DE0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 1740800 bytes
0x05F90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 217088 bytes
0x05A90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 233472 bytes
0x00FA0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 28672 bytes
0x010C0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 28672 bytes
0x00E00000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x00E30000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03A10000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E30000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E10000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03FB0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E60000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E80000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03FD0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x040A0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x040C0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04DC0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x048D0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04880000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04870000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x048A0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04A40000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04A20000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04D30000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04CB0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04D80000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04F20000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04DD0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04ED0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04EF0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05030000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x051E0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05370000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x053C0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x054D0000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05580000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05750000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05740000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05770000 Hidden Image-->Branding.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x057B0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A00000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A10000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A50000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x061F0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04800000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 299008 bytes
0x010E0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x84B3D928 ] PID: 148, 307200 bytes
0x00DE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8496FA50 ] PID: 244, 307200 bytes
0x00E70000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 307200 bytes
0x03870000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 36864 bytes
0x038F0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 36864 bytes
0x04860000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x00DD0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03990000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x039E0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03A50000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03BA0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04090000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04D00000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04DF0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04E20000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04E80000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04EC0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x05760000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x064F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 372736 bytes
0x03150000 Hidden Image-->System.Management.dll [ EPROCESS 0x8496FA50 ] PID: 244, 380928 bytes
0x052F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 413696 bytes
0x056D0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 413696 bytes
0x063E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 446464 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 45056 bytes
0x00E20000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x00ED0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
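
For reading a report in this RKU format, here is a small triage script, added as an example that is not part of the thread or of RootkitUnhooker: it parses the Hidden Image and Hooks lines and groups the hidden modules that mimic a system DLL name, those present in several processes, and the hooks that jump into code RKU could not attribute to any module. The sample lines are constructed in the report's format, and the system-DLL list and the heuristics are assumptions of mine.

```python
"""Triage helper for RootkitUnhooker (RKU) report lines (added example; not part
of the thread or of RKU). Parses "Hidden Image" and ">Hooks" lines in the
report format above and groups them the way an analyst reads them."""
import re
from collections import defaultdict

# Constructed sample in the RKU report format (a handful of lines, not the log).
SAMPLE_REPORT = """\
0x01A20000 Hidden Image-->ernel32.dll [ EPROCESS 0x84967DA0 ] PID: 508, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x84B3D928 ] PID: 148, 73728 bytes
0x00DA0000 Hidden Image-->q31cE3aA9.dll [ EPROCESS 0x849A9500 ] PID: 1504, 73728 bytes
0x03A20000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
ntkrnlpa.exe+0x0006AA8A, Type: Inline - RelativeJump 0x80541A8A-->80541A91 [ntkrnlpa.exe]
[148]MOM.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[508]explorer.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[508]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[592]Ojuhoa.exe-->wininet.dll+0x00001C14, Type: Inline - SEH 0x3D931C14 [unknown_code_page]
[3052]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
"""

HIDDEN_RE = re.compile(r"^0x[0-9A-F]+ Hidden Image-->(?P<name>\S+) \[ EPROCESS 0x[0-9A-F]+ \] "
                       r"PID: (?P<pid>\d+), (?P<size>\d+) bytes$")
# The "[pid]process-->" prefix is absent on kernel-mode lines and the "-->target"
# address is absent on SEH hooks, so both are optional.
HOOK_RE = re.compile(r"^(?:\[(?P<pid>\d+)\](?P<proc>.+?)-->)?(?P<chain>.+?), Type: (?P<type>.+?) "
                     r"0x[0-9A-F]+(?:-->[0-9A-F]+)? \[(?P<owner>[^\]]+)\]$")
# Assumed list of system DLL names whose one-character near-misses get flagged.
KNOWN_SYSTEM_DLLS = ["kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll",
                     "gdi32.dll", "shell32.dll", "wininet.dll", "ws2_32.dll"]


def _one_edit_apart(a, b):
    """True when a and b differ by one inserted, deleted or substituted character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def lookalike(name):
    """Return the system DLL a module name mimics (e.g. ernel32.dll), else None."""
    return next((d for d in KNOWN_SYSTEM_DLLS if _one_edit_apart(name.lower(), d)), None)


def parse_report(text):
    hidden, hooks = [], []
    for line in text.splitlines():
        if m := HIDDEN_RE.match(line):
            hidden.append({"name": m["name"], "pid": int(m["pid"]), "size": int(m["size"])})
        elif m := HOOK_RE.match(line):
            hooks.append({"pid": int(m["pid"]) if m["pid"] else None,  # None: kernel hook
                          "proc": m["proc"], "chain": m["chain"],
                          "type": m["type"], "owner": m["owner"]})
    return hidden, hooks


def triage(text):
    hidden, hooks = parse_report(text)
    pids_by_module = defaultdict(set)
    for h in hidden:
        pids_by_module[h["name"]].add(h["pid"])
    # Hooks whose code RKU could not map to any module are the ones to chase first.
    unknown = defaultdict(set)
    for hk in hooks:
        if hk["owner"] == "unknown_code_page" and hk["pid"] is not None:
            unknown[hk["chain"]].add(hk["pid"])
    return {
        "lookalike_modules": {n: lookalike(n) for n in pids_by_module if lookalike(n)},
        "hidden_in_many_processes": {n: sorted(p) for n, p in pids_by_module.items() if len(p) > 1},
        "hooks_into_unknown_code": {c: sorted(p) for c, p in unknown.items()},
        "hooks_with_known_owner": sorted({hk["owner"] for hk in hooks if hk["owner"] != "unknown_code_page"}),
    }
```

Run `triage(SAMPLE_REPORT)` to see the grouping; on the sample it singles out the `ernel32.dll` lookalike present in two processes and the `NtResumeThread` hook shared by both.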

Re: Slow
So I scanned with MBAM in safe mode (wouldn't open in regular mode) right after this, and it found 16 things! Don't know how they got there, but here is the log if you need it:

I can't find the log -_-

Re: Slow
GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: Slow
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 16:51:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT F7D029FE ZwCreateKey
SSDT F7D029F4 ZwCreateThread
SSDT F7D02A03 ZwDeleteKey
SSDT F7D02A0D ZwDeleteValueKey
SSDT F7D02A12 ZwLoadKey
SSDT F7D029E0 ZwOpenProcess
SSDT F7D029E5 ZwOpenThread
SSDT F7D02A1C ZwReplaceKey
SSDT F7D02A17 ZwRestoreKey
SSDT F7D02A08 ZwSetValueKey
SSDT F7D029EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F25000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\DNA\btdna.exe[308] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\system32\ctfmon.exe[476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\Explorer.EXE[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE000A
.text C:\WINDOWS.1\system32\spoolsv.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: Slow
Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: Slow
GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:37 on 28/07/2010 (Alexander)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:52 20/05/2010]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [00:08 07/11/2080]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:14 21/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [07:09 05/04/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [07:32 07/09/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:46 05/11/2009]

C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\gigk9imp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [04:41 20/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [23:39 28/01/2010]

-=E.O.F=-

Re: Slow
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Any other (removable) drives that you may have
Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file, naming it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware from the report (it will be at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Slow
This link doesn't work, so I can't download it.

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Re: Slow
Worked fine for me.

Re: Slow
Something is blocking it on this PC, because it works on my laptop. I'll transfer it to a flash/hard drive in the morning and try it then.
