
SysExplorer - Diagnose Report


jantzaw


Advanced SystemCare Diagnose Report v1.0

date: 2011/09/10 12:13:30

 

----------------------------------

01 - Operation System

----------------------------------

 

0101 - Operating System : Windows 7 Ultimate 32-bit (6.1, Build 7600) (7600.win7_gdr.110622-1503)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : Phoenix - AwardBIOS v6.00PG

0104 - Processor : AMD Athlon 7750 Dual-Core Processor (2 CPUs), ~2.9GHz

0105 - Memory : 4096MB RAM

0106 - Available OS Memory : 3326MB RAM

0107 - Page File : 1195MB used, 5455MB available

0108 - Windows Dir : C:\Windows

0109 - DirectX Version : DirectX 11

0110 - DX Setup Parameters : Not found

0111 - User DPI Setting : Using System DPI

0112 - System DPI Setting : 96 DPI (100 percent)

0113 - DWM DPI Scaling : Disabled

0114 - DxDiag Version : 6.01.7600.16385

 

----------------------------------

02 - Processor

----------------------------------

 

0201 - Caption : AMD Athlon 7750 Dual-Core Processor x2 ~2899MHz

0202 - CurrentClockSpeed : 2899MHz

0203 - L1 Cache : 128.00 KB

0204 - L2 Cache : 512.00 KB

 

----------------------------------

03 - Display Devices

----------------------------------

 

0301 - Card name : ATI Radeon HD 4800 Series

0302 - Manufacturer : Advanced Micro Devices, Inc.

0303 - Chip type : ATI display adapter (0x9440)

0304 - DAC type : Internal DAC(400MHz)

0305 - Device Key : Enum\PCI\VEN_1002&DEV_9440&SUBSYS_0502174B&REV_00

0306 - Display Memory : 1912 MB

0307 - AdapterRAM : 512.00 MB

0308 - Current Mode : 1440 x 900 (32 bit) (60Hz)

0309 - Monitor Name : Generic PnP Monitor

0310 - Driver Name : aticfx32.dll,aticfx32.dll,aticfx32.dll,atiumdag.dll,atidxx32.dll,atiumdva.cap

0311 - Driver Version : 8.17.0010.1091

0312 - Driver Language : English

0313 - DDI Version : 10.1

0314 - Driver Model : WDDM 1.1

0315 - Driver Beta : False

0316 - Driver Debug : False

0317 - Driver Date : 7/28/2011 16:40:44

0318 - Driver Size : 726528

0319 - VDD : n/a

0320 - Mini VDD : n/a

0321 - Mini VDD Date : n/a

0322 - Mini VDD Size : 0

0323 - Device Identifier : {D7B71EE2-D700-11CF-B870-0825BEC2C535}

0324 - Vendor ID : 0x1002

0325 - Device ID : 0x9440

0326 - SubSys ID : 0x0502174B

0327 - Revision ID : 0x0000

0328 - Driver Strong Name : oem10.inf:ATI.Mfg.NTx86.6.1:ati2mtag_RV7X:8.881.0.0:pci\ven_1002&dev_9440

0329 - Rank Of Driver : 00E62001

0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C

0331 - Deinterlace Caps : {6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{3C5323C1-6FB7-44F5-9081-056BF2EE449D}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{552C0DAD-CCBC-420B-83C8-74943CF9F1A6}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

0332 - D3D9 Overlay : Not Supported

0333 - DXVA-HD : Not Supported

0334 - DDraw Status : Enabled

0335 - D3D Status : Enabled

0336 - AGP Status : Enabled

0337 - Notes : No problems found.

 

0338 - OpenGL : 6.1.7600.16385 (win7_rtm.090713-1255)

 

----------------------------------

04 - Memory

----------------------------------

 

0401 - TotalMemory : 3.25 GB

0402 - FreeMemory : 2.34 GB

0403 - Pagefiletotal : 6.50 GB

0404 - Pagefilefree : 5.32 GB

 

0405 - BankLabel : Bank0/1

0406 - Speed : 800 MHz

0407 - TotalWidth : 64 Bits

0408 - Capacity : 1.00 GB

 

0405 - BankLabel : Bank2/3

0406 - Speed : 800 MHz

0407 - TotalWidth : 64 Bits

0408 - Capacity : 1.00 GB

 

0405 - BankLabel : Bank4/5

0406 - Speed : 800 MHz

0407 - TotalWidth : 64 Bits

0408 - Capacity : 1.00 GB

 

0405 - BankLabel : Bank6/7

0406 - Speed : 800 MHz

0407 - TotalWidth : 64 Bits

0408 - Capacity : 1.00 GB

 

----------------------------------

05 - Network

----------------------------------

 

0501 - Description : D-Link DWA-552 XtremeN Desktop Adapter

0502 - Driver Date : 4-21-2010

0503 - Driver Version : 8.0.0.332

 

----------------------------------

06 - BaseBoard

----------------------------------

 

0601 - Product : M2A-VM

0602 - Manufacturer : ASUSTeK Computer INC.

 

----------------------------------

07 - Sound Devices

----------------------------------

 

0701 - Description : Speakers (High Definition Audio Device)

0702 - Default Sound Playback : True

0703 - Default Voice Playback : True

0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10438232&REV_1000

0705 - Manufacturer ID : 1

0706 - Product ID : 65535

0707 - Type : WDM

0708 - Driver Name : HdAudio.sys

0709 - Driver Version : 6.01.7600.16385

0710 - Driver Attributes : Final Retail

0711 - Date and Size : 7/13/2009 18:51:47

0713 - Driver Provider : Microsoft

0714 - Min/Max Sample Rate : 4633682, 4633682

0715 - Static/Strm HW Mix Bufs : 4633682, 4633682

0716 - Static/Strm HW 3D Bufs : 4633682, 4633682

0717 - HW Memory : 4633690

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No problems found.

 

0701 - Description : Digital Output Device (SPDIF) (High Definition Audio Device)

0702 - Default Sound Playback : False

0703 - Default Voice Playback : False

0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10438232&REV_1000

0705 - Manufacturer ID : 1

0706 - Product ID : 65535

0707 - Type : WDM

0708 - Driver Name : HdAudio.sys

0709 - Driver Version : 6.01.7600.16385

0710 - Driver Attributes : Final Retail

0711 - Date and Size : 7/13/2009 18:51:47

0713 - Driver Provider : Microsoft

0714 - Min/Max Sample Rate : 4633682, 4633682

0715 - Static/Strm HW Mix Bufs : 4633682, 4633682

0716 - Static/Strm HW 3D Bufs : 4633682, 4633682

0717 - HW Memory : 4633690

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No problems found.

 

 

----------------------------------

08 - Hard Disk

----------------------------------

 

0801 - Model : ST3500418AS ATA Device(Seagate, 500G)

0802 - MediaType : Fixed hard disk media

0803 - Size : 465.76 GB

0804 - InterfaceType : NULL

 

0807 - Caption : C:\

0808 - Capacity : 465.75 GB

0809 - FreeSpace : 356.71 GB

0810 - DriveType : 3-Fixed

0811 - FileSystem : NTFS

 

----------------------------------

09 - Process

----------------------------------

 

0901 - 000 Idle 0 0 0

0901 - 004 System 0 0 0

0901 - 0fc smss.exe 0 0 0 normal C:\Windows\system32

0901 - 158 csrss.exe 0 0 0 normal C:\Windows\system32

0901 - 1a8 csrss.exe 1 174 80 normal C:\Windows\system32

0901 - 1b0 wininit.exe 0 0 0 high C:\Windows\system32

0901 - 1e0 winlogon.exe 1 6 0 high C:\Windows\system32

0901 - 214 services.exe 0 0 0 normal C:\Windows\system32

0901 - 224 lsass.exe 0 0 0 normal C:\Windows\system32

0901 - 22c lsm.exe 0 0 0 normal C:\Windows\system32

0901 - 294 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 2d0 ASCService.exe 0 0 0 high C:\Program Files\IObit\Advanced SystemCare 5

0901 - 30c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 33c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 390 PskSvc.exe 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 3c4 TPSrv.exe 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 3f0 atiesrxx.exe 0 0 0 normal C:\Windows\system32

0901 - 430 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 450 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 470 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 4c0 audiodg.exe 0 0 0

0901 - 500 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 518 atieclxx.exe 1 9 6 normal C:\Windows\system32

0901 - 64c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 748 spoolsv.exe 0 0 0 normal C:\Windows\System32

0901 - 764 WebProxy.exe 0 0 0 normal C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012

0901 - 76c Dwm.exe 1 16 2 high C:\Windows\system32

0901 - 7a4 Explorer.EXE 1 334 213 normal C:\Windows

0901 - 070 Fuel.Service.exe 0 0 0 normal C:\Program Files\ATI Technologies\ATI.ACE\Fuel

0901 - 13c taskhost.exe 1 13 15 normal C:\Windows\system32

0901 - 548 taskeng.exe 1 9 3 normal C:\Windows\system32

0901 - 6fc AppleMobileDeviceService.exe 0 0 0 normal C:\Program Files\Common Files\Apple\Mobile Device Support

0901 - 730 mDNSResponder.exe 0 0 0 normal C:\Program Files\Bonjour

0901 - 7f0 PsCtrls.exe 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 168 taskeng.exe 1 9 3 normal C:\Windows\system32

0901 - 724 PavFnSvr.exe 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 80c pavprsrv.exe 0 0 0 normal C:\Program Files\Common Files\Panda Security\PavShld

0901 - 834 pavsrvx86.exe 0 0 0 high C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 898 AVENGINE.EXE 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 8a4 PSHOST.EXE 0 0 0 normal c:\program files\panda security\panda global protection 2012\firewall

0901 - 8f8 PsImSvc.exe 0 0 0 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - 944 sppsvc.exe 0 0 0 normal C:\Windows\system32

0901 - 990 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 9ac svchost.exe 0 0 0 normal C:\Windows\system32

0901 - b58 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - cc4 ApVxdWin.exe 1 81 24 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - ce8 ASCTray.exe 1 64 39 normal C:\Program Files\IObit\Advanced SystemCare 5

0901 - f28 avciman.exe 1 82 25 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - f8c MOM.exe 1 10 9 normal C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

0901 - 82c CCC.exe 1 103 61 normal C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

0901 - c88 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 984 PresentationFontCache.exe 0 0 0 normal C:\Windows\Microsoft.Net\Framework\v3.0\WPF

0901 - b4c Asc.exe 1 1459 266 normal C:\Program Files\IObit\Advanced SystemCare 5

0901 - 304 SRVLOAD.EXE 1 48 11 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - ec8 PavBckPT.exe 1 9 4 normal C:\Program Files\Panda Security\Panda Global Protection 2012

0901 - d3c ToolBox.exe 1 492 112 normal C:\Program Files\IObit\Advanced SystemCare 5

0901 - a60 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 320 Sus10_SysExplorer.exe 1 132 46 normal C:\Program Files\IObit\Advanced SystemCare 5

0901 - eb8 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

 

 

----------------------------------

10 - Service

----------------------------------

 

1001 - Advanced SystemCare Service 5 - [C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe]

1001 - Application Experience - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - AMD External Events Utility - [C:\Windows\system32\atiesrxx.exe]

1001 - AMD FUEL Service - [C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService]

1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Apple Mobile Device - ["C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"]

1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Bonjour Service - ["C:\Program Files\Bonjour\mDNSResponder.exe"]

1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Wired AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Extensible Authentication Protocol - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Presentation Foundation Font Cache 3.0.0.0 - [C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe]

1001 - Human Interface Device Access - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - IKE and AuthIP IPsec Keying Modules - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe]

1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Workstation - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Multimedia Class Scheduler - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService]

1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Panda Software Controller - ["C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe"]

1001 - Panda Function Service - ["C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe"]

1001 - Panda Process Protection Service - ["C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe"]

1001 - Panda On-Access Anti-Malware Service - ["C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe"]

1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - IPsec Policy Agent - [C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted]

1001 - Power - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Panda Host Service - ["c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE"]

1001 - Panda IManager Service - ["C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe"]

1001 - Panda PSK service - ["C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe"]

1001 - Remote Access Connection Manager - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe]

1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe]

1001 - Software Protection - [C:\Windows\system32\sppsvc.exe]

1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Secure Socket Tunneling Protocol Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Image Acquisition (WIA) - [C:\Windows\system32\svchost.exe -k imgsvc]

1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Telephony - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Panda TPSrv - ["C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe"]

1001 - Distributed Link Tracking Client - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - UPnP Device Host - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Desktop Window Manager Session Manager - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Defender - [C:\Windows\System32\svchost.exe -k secsvcs]

1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - WWAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

 

----------------------------------

11 - Windows Express

----------------------------------

 

1101 - SystemScore : 5.9

1102 - MemoryScore : 7.1

1103 - CpuScore : 6.2

1104 - GraphicsScore : 7.5

1105 - GamingScore : 7.5

1106 - DiskScore : 5.9

 

----------------------------------

12 - Event Log

----------------------------------

 

1201 - Time : 9/11/2011 1:10:57 AM

1202 - Source : Winlogon

1203 - Description : Windows license activation failed. Error 0x00000000.

 

1201 - Time : 9/11/2011 1:10:57 AM

1202 - Source : Software Protection Platform Service

1203 - Description : License Activation (slui.exe) failed with the following error code:

0x80070005

 

1201 - Time : 9/10/2011 11:58:26 PM

1202 - Source : Winlogon

1203 - Description : Windows license activation failed. Error 0x00000000.

 

1201 - Time : 9/10/2011 11:58:26 PM

1202 - Source : Software Protection Platform Service

1203 - Description : License Activation (slui.exe) failed with the following error code:

0x80070005

 

1201 - Time : 9/10/2011 11:36:28 PM

1202 - Source : Winlogon

1203 - Description : Windows license activation failed. Error 0x00000000.

 

1201 - Time : 9/10/2011 11:36:28 PM

1202 - Source : Software Protection Platform Service

1203 - Description : License Activation (slui.exe) failed with the following error code:

0x80070005

 

1201 - Time : 9/10/2011 2:42:19 PM

1202 - Source : Winlogon

1203 - Description : Windows license activation failed. Error 0x00000000.

 

1201 - Time : 9/10/2011 2:42:19 PM

1202 - Source : Software Protection Platform Service

1203 - Description : License Activation (slui.exe) failed with the following error code:

0x80070005

 

1201 - Time : 9/10/2011 2:37:43 PM

1202 - Source : Winlogon

1203 - Description : Windows license activation failed. Error 0x00000000.

 

1201 - Time : 9/10/2011 2:37:43 PM

1202 - Source : Software Protection Platform Service

1203 - Description : License Activation (slui.exe) failed with the following error code:

0x80070005

 

1201 - Time : 9/11/2011 1:11:11 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys

 

1201 - Time : 9/11/2011 1:10:58 AM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : Special privileges assigned to new logon.

 

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

 

Privileges: SeAssignPrimaryTokenPrivilege

SeAuditPrivilege

SeImpersonatePrivilege

 

1201 - Time : 9/11/2011 1:10:44 AM

1202 - Source : EventLog

1203 - Description : Special privileges assigned to new logon.

 

Subject:

Security ID: S-1-5-19

Account Name: LOCAL SERVICE

Account Domain: NT AUTHORITY

Logon ID: 0x3e5

 

Privileges: SeAssignPrimaryTokenPrivilege

SeAuditPrivilege

SeImpersonatePrivilege

 

1201 - Time : 9/11/2011 12:05:16 AM

1202 - Source : Service Control Manager

1203 - Description : A cryptographic self test was performed.

 

Subject:

Security ID: S-1-5-18

Account Name: ALEX-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

 

Module: ncrypt.dll

 

Return Code: 0x0

 

1201 - Time : 9/11/2011 12:05:00 AM

1202 - Source : Service Control Manager

1203 - Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\Windows\System32\wininet.dll

 

1201 - Time : 9/11/2011 12:04:53 AM

1202 - Source : Service Control Manager

1203 - Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\Windows\System32\wininet.dll

 

1201 - Time : 9/10/2011 11:58:51 PM

1202 - Source : Service Control Manager

1203 - Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\Windows\System32\wininet.dll

 

1201 - Time : 9/10/2011 11:58:48 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : A security-enabled local group was deleted.

 

Subject:

Security ID: S-1-5-18

Account Name: ALEX-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

 

Group:

Security ID: S-1-5-21-2484587572-2066941522-967813385-1003

Group Name: AMD Fuel

Group Domain: Alex-PC

 

Additional Information:

Privileges: -

 

1201 - Time : 9/10/2011 11:58:25 PM

1202 - Source : Microsoft-Windows-DNS-Client

1203 - Description : Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\Windows\System32\wininet.dll

 

1201 - Time : 9/10/2011 11:57:15 PM

1202 - Source : DCOM

1203 - Description : The event logging service has shut down.

 

----------------------------------

End of file - 31345 Bytes

 

 

 

 

I recently battled with a huge virus, double checking to see if I have destroyed it completely. Thanks guys!


I'm also including a rootkit scan.

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>SSDT State

==============================================

ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x82EA90AD-->9D03C73A [C:\Windows\system32\DRIVERS\PavProc.sys]

==============================================

>Shadow

==============================================

win32k.sys-->NtUserCreateWindowEx, Type: Address change 0x81F510EE-->9D03CACC [C:\Windows\system32\DRIVERS\PavProc.sys]

win32k.sys-->NtUserDestroyWindow, Type: Address change 0x81F47B20-->9D03CC92 [C:\Windows\system32\DRIVERS\PavProc.sys]

win32k.sys-->NtUserMessageCall, Type: Address change 0x81F71A6F-->9D03CCD2 [C:\Windows\system32\DRIVERS\PavProc.sys]

win32k.sys-->NtUserPostMessage, Type: Address change 0x81F68C7A-->9D03CE2C [C:\Windows\system32\DRIVERS\PavProc.sys]

win32k.sys-->NtUserPostThreadMessage, Type: Address change 0x81F668FD-->9D03CF48 [C:\Windows\system32\DRIVERS\PavProc.sys]

==============================================

>Processes

==============================================

0x8804ABE0 [112] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc., AMD Fuel Service)

0x86CC3320 [252] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x880738F0 [316] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)

0x878AB6D8 [344] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x878E76F8 [424] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x878F36F8 [432] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x879DD530 [480] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x87A39530 [532] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x87AFE8F0 [548] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x87A58530 [556] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x86B51D40 [660] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87BE5030 [720] C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit, Advanced SystemCare Service)

0x87FD5290 [772] C:\Program Files\Panda Security\Panda Global Protection 2012\SrvLoad.exe (Panda Security, S.L., Panda AntiSpam Trainer)

0x87C126F0 [780] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87C28C08 [828] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87C3B858 [912] C:\Program Files\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L., Anti-malware protection support executable)

0x87C4F750 [964] C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L., TPSrv Application)

0x87C56030 [1008] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)

0x87A24030 [1072] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87A58030 [1104] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x879D8030 [1136] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87CA9030 [1280] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x87CAA8A8 [1304] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)

0x87F0B6F8 [1612] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88129D40 [1788] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)

0x881C7500 [1828] C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L., Panda Function Service)

0x8813F0A0 [1840] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)

0x86B9BD40 [1864] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x87B9D030 [1892] C:\Program Files\Panda Security\Panda Global Protection 2012\WebProxy.exe (Panda Security, S.L., Internet resident proxy)

0x87FF5A20 [1900] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)

0x88039D40 [1956] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)

0x88184500 [2032] C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L., Panda Software Controler)

0x88236500 [2060] C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L., Panda Process Protection Service)

0x879C1D40 [2092] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Center: Host application)

0x88259500 [2100] C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L., Enhanced On-Access Anti-Malware Service)

0x882CC6F0 [2200] C:\Program Files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE (Panda Security, S.L., Enhanced On-Access Anti-Malware Protection)

0x882B5C98 [2212] C:\Program Files\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International, Panda Host Service)

0x88365D40 [2296] C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L., Panda Interface Manager Service)

0x883986F8 [2372] C:\Windows\System32\sppsvc.exe (Microsoft Corporation, Microsoft Software Protection Platform Service)

0x8812F8C0 [2436] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)

0x883F99D0 [2448] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x88410838 [2476] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8809BD40 [2656] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8856AD40 [2904] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x8863B8A0 [3268] C:\Program Files\Panda Security\Panda Global Protection 2012\ApVxdWin.exe (Panda Security, S.L., Panda permanent protection)

0x85B42030 [3440] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))

0x85B94598 [3568] C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp., D-Link WLAN Application)

0x85FBAD40 [3648] C:\Windows\System32\MustBeRandomlyNamed\xdkhtrihL48.exe (UG North, RKULE, SR2 Normandy)

0x8862F4C0 [3764] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)

0x85AB1610 [3784] C:\Program Files\Panda Security\Panda Global Protection 2012\PavBckPT.exe (Panda Security, S.L., PavBckPT Aplicación)

0x8869E970 [3980] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)

0x8608EB50 [4204] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x85BB5538 [4248] C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc., Dropbox)

0x85BA1C88 [4496] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java Update Scheduler)

0x85C87598 [4748] C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc., Google Installer)

0x85AF4B20 [4836] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (MadrasAddison Orestes FrenchSophia AmmanBeijing, KrakowGreenfield VaudoisFitzgeraldVenezuelaNairobiAmoco)

0x85B95030 [5252] C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)

0x85B394D0 [5352] C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)

0x85C2B390 [5372] C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc., Google Chrome)

0x85903C40 [4] System

0x85C7FD40 [1384] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )

==============================================

>Drivers

==============================================

0x91E06000 C:\Windows\system32\DRIVERS\atikmdag.sys 8724480 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x82C47000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x82C47000 PnpManager 4259840 bytes

0x82C47000 RAW 4259840 bytes

0x82C47000 WMIxWDM 4259840 bytes

0x81EC0000 Win32k 2408448 bytes

0x81EC0000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8BE02000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x94029000 C:\Windows\system32\DRIVERS\athr.sys 1277952 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)

0x8362F000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x92658000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8BC1F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x83286000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x9D062000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x9A495000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x83331000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x9D124000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)

0x9160F000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)

0x8379C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x9143E000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x9DE1A000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)

0x94513000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)

0x9D1A5000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x9279C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x83476000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x833B0000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x9A42C000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x94434000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x83244000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x916CB000 C:\Windows\system32\DRIVERS\atikmpag.sys 266240 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)

0x9153F000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8BF85000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8BCD6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x9A568000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x9270F000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x94493000 C:\Windows\system32\drivers\AtihdW73.sys 229376 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)

0x82C10000 ACPI_HAL 225280 bytes

0x82C10000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8352B000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x915A0000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x8BD51000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x91498000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8BF4B000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x91752000 C:\Windows\system32\DRIVERS\neti1644.sys 196608 bytes (Panda Security, S.L., netimflt)

0x9A5C5000 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 192512 bytes (Advanced Micro Devices, AMD OverDrive Service Driver)

0x944CB000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x8BDB9000 C:\Windows\system32\Drivers\IDSFLT.SYS 188416 bytes (Panda Security, S.L., Intrusion Detection System)

0x8BFCC000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0x8375E000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x9DE85000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x83420000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x9D03B000 C:\Windows\system32\DRIVERS\PavProc.sys 159744 bytes (Panda Security, S.L., Panda Protection driver)

0x91400000 C:\Windows\system32\Drivers\NETFLTDI.SYS 155648 bytes (Panda Security, S.L., Panda TDI Filter)

0x917B9000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)

0x8BD94000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8BD14000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x92767000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )

0x834FF000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x9A545000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x94000000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x9D103000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x91699000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x83570000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x8BC00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x92748000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x914D1000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x82150000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x9179C000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)

0x94400000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x9A5A3000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x94176000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)

0x915D4000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x9DE6C000 C:\Windows\system32\drivers\av5flt.sys 102400 bytes

0x9A51A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x944FA000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x91673000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x9419A000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)

0x941D1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x9170C000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x91724000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x9173B000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x835BA000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x945D1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x834D6000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x91426000 C:\Windows\system32\DRIVERS\smb.sys 90112 bytes (Microsoft Corporation, SMB Transport driver)

0x9A400000 C:\Windows\system32\Drivers\APPFLT.SYS 77824 bytes (Panda Security, S.L., Panda APPFLT)

0x945AA000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)

0x83789000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x9A482000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x91514000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x941BF000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x9A533000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x916BA000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)

0x9441B000 C:\Windows\system32\DRIVERS\amm8660.sys 69632 bytes (Panda Security, S.L., Panda Anti-Malware File System Minifilter)

0x8BD83000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x94584000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x8355F000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x94482000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x83455000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x8322B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x914F0000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)

0x917DF000 C:\Windows\system32\DRIVERS\amdiox86.sys 65536 bytes (Advanced Micro Devices, AMD IO Driver)

0x915EE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8BD39000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x9A472000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x91527000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x83466000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x927E7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x9168B000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x91506000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x835AC000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x834C8000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x83600000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x917EF000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x833A2000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x941B2000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x94563000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x91782000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x9178F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0x9D18E000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x83617000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x91594000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x9A41A000 C:\Windows\system32\Drivers\DSAFLT.SYS 49152 bytes (Panda Security, S.L., -)

0x945E8000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x8BDF2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x94570000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x9416B000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0x9459F000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x83220000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)

0x945F4000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x945C6000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x835A1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x941E9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x835D1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8344A000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x94595000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x94478000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)

0x9158A000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x91580000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x834EC000 C:\Windows\system32\Drivers\pavboot.sys 40960 bytes (Panda Security, S.L., Panda Boot Driver)

0x941F4000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)

0x9D0F9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x94190000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)

0x92792000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0x94161000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)

0x9D19B000 C:\Windows\system32\Drivers\WNMFLT.SYS 40960 bytes (Panda Security, S.L., -)

0x83522000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x834F6000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x9457B000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes

0x8360E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x9DEAF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x82120000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8BF7C000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)

0x83200000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8323C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8BD49000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x83209000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x83624000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x83591000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)

0x83599000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)

0x91537000 C:\Windows\System32\DRIVERS\ShlDrv51.sys 32768 bytes (Panda Security, S.L., PandaShield driver)

0x8BFC4000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x8BDEB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x9A413000 C:\Windows\system32\DRIVERS\COMFiltr.sys 28672 bytes (-, COMFiltr)

0x945BD000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8BFF9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x9A5BE000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)

0x834C1000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x914CA000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x9278C000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x91501000 C:\Windows\system32\DRIVERS\jswpslwf.sys 20480 bytes (Atheros Communications, Inc., Atheros Security NDIS 6.0 Filter Driver)

0x9A426000 C:\Windows\system32\Drivers\fnetmon.SYS 16384 bytes (Panda Security, S.L., Panda FNetMon)

0x86B76000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)

0x941FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x945C4000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x07440000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 1011712 bytes

0x03D50000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 102400 bytes

0x085A0000 Hidden Image-->Microsoft.WindowsAPICodePack.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 102400 bytes

0x07B50000 Hidden Image-->Branding.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 110592 bytes

0x00500000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 118784 bytes

0x01850000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 118784 bytes

0x05380000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 118784 bytes

0x07EC0000 Hidden Image-->CLI.Aspect.User.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 1282048 bytes

0x07A10000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 1306624 bytes

0x066E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 184320 bytes

0x07780000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 184320 bytes

0x04D00000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 192512 bytes

0x076E0000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 192512 bytes

0x08000000 Hidden Image-->CLI.Combined.Graphics.Aspects1.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 2060288 bytes

0x08930000 Hidden Image-->CLI.Combined.Graphics.Aspects2.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 2469888 bytes

0x05190000 Hidden Image-->CLI.Combined.Graphics.Aspects2.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 258048 bytes

0x06FE0000 Hidden Image-->Localization.Foundation.Implementation.default_Localization.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 266240 bytes

0x08390000 Hidden Image-->CLI.Foundation.Client.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 274432 bytes

0x00850000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 28672 bytes

0x008E0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x8869E970 ] PID: 3980, 28672 bytes

0x00AD0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x00B10000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x01AD0000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x03DE0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x040B0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x040A0000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x040C0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04120000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04110000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04150000 Hidden Image-->DEM.Graphics.I1010.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04700000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04D60000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04FF0000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04EE0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04ED0000 Hidden Image-->AEM.Plugin.Audio.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05030000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05000000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05130000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05210000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05450000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05410000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x053F0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x053E0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05430000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05420000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x054C0000 Hidden Image-->CLI.Aspect.AMDHome.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05F70000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05F60000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05FB0000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x05FD0000 Hidden Image-->DEM.Graphics.I1011.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x06370000 Hidden Image-->atixclib.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x066C0000 Hidden Image-->CLI.Caste.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x07280000 Hidden Image-->CLI.Aspect.WiFi.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x072F0000 Hidden Image-->CLI.Caste.Platform.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x07340000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x073C0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x073E0000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x07420000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x077C0000 Hidden Image-->CLI.Caste.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x07BC0000 Hidden Image-->CLI.Caste.Platform.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x07BE0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x09110000 Hidden Image-->CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 28672 bytes

0x04CB0000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 315392 bytes

0x06740000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 339968 bytes

0x03EC0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 36864 bytes

0x01970000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x03D70000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x05110000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x05140000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x05220000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x05230000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x053A0000 Hidden Image-->CLI.Aspect.AMDHome.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x054D0000 Hidden Image-->CLI.Aspect.UpdateNotification.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x066D0000 Hidden Image-->Fuel.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x06EC0000 Hidden Image-->CLI.Aspect.DPPE.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07270000 Hidden Image-->CLI.Aspect.CPUOverDrive.Fuel.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07310000 Hidden Image-->CLI.Aspect.AMDOverDrive.Platform.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x072B0000 Hidden Image-->CLI.Aspect.CPUOverDrive.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x072A0000 Hidden Image-->CLI.Aspect.Fets.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x072C0000 Hidden Image-->CLI.Aspect.CPUPStates.Fuel.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x072E0000 Hidden Image-->CLI.Caste.Platform.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07330000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07320000 Hidden Image-->CLI.Aspect.AMDOverDrive.Platform.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07370000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 36864 bytes

0x07720000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 389120 bytes

0x07820000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 389120 bytes

0x06E40000 Hidden Image-->LOCALIZATION.Foundation.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 397312 bytes

0x07880000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 430080 bytes

0x00550000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x8869E970 ] PID: 3980, 45056 bytes

0x00530000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 45056 bytes

0x03EB0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 45056 bytes

0x004C0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x007F0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x00B00000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x01AE0000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x04D50000 Hidden Image-->CoreAudioApi.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x05100000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x05200000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x067A0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x066B0000 Hidden Image-->CLI.Caste.Fuel.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x067D0000 Hidden Image-->CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x07430000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x077E0000 Hidden Image-->CLI.Aspect.WiFi.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x077D0000 Hidden Image-->CLI.Aspect.Fets.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 45056 bytes

0x08CC0000 Hidden Image-->Microsoft.WindowsAPICodePack.Shell.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 512000 bytes

0x01AC0000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x03D00000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x040D0000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x055E0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x05150000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x05400000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x05440000 Hidden Image-->CLI.Aspect.UpdateNotification.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x06710000 Hidden Image-->CLI.Aspect.AMDHome.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x07810000 Hidden Image-->CLI.Aspect.CPUPStates.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x07BD0000 Hidden Image-->CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 53248 bytes

0x09080000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 536576 bytes

0x01AB0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x051D0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x054A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x05460000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x055F0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x06E00000 Hidden Image-->Fuel.Implementation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x07410000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x07BA0000 Hidden Image-->CLI.Aspect.CPUOverDrive.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 61440 bytes

0x00AE0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 69632 bytes

0x01990000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 69632 bytes

0x03F70000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 69632 bytes

0x05480000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 69632 bytes

0x077F0000 Hidden Image-->CLI.Aspect.DPPE.Fuel.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 69632 bytes

0x00560000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x8869E970 ] PID: 3980, 77824 bytes

0x00B20000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 77824 bytes

0x05160000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 77824 bytes

0x05360000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 77824 bytes

0x05F30000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 77824 bytes

0x08200000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 782336 bytes

0x05340000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 86016 bytes

0x07350000 Hidden Image-->APM.Server.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 86016 bytes

0x083F0000 Hidden Image-->CLI.Component.Dashboard.ProfileManager2.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 86016 bytes

0x053C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 94208 bytes

0x07040000 Hidden Image-->CLI.Combined.Fusion.Aspects.Runtime.dll [ EPROCESS 0x879C1D40 ] PID: 2092, 94208 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Program Files\Panda Security\Panda Global Protection 2012\Temp\dummy.pda

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1C99D77F.exe_a85a5c9ef9bf107255dbde50bab3ba5be2b04a2f_cab_11dad1ce\Report.wer

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1C99D77F.exe_a85a5c9ef9bf107255dbde50bab3ba5be2b04a2f_cab_11dad1ce\WERD0A5.tmp.appcompat.txt

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1C99D77F.exe_a85a5c9ef9bf107255dbde50bab3ba5be2b04a2f_cab_11dad1ce\WERD0D5.tmp.WERInternalMetadata.xml

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1C99D77F.exe_a85a5c9ef9bf107255dbde50bab3ba5be2b04a2f_cab_11dad1ce\WERD0D6.tmp.hdmp

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1C99D77F.exe_a85a5c9ef9bf107255dbde50bab3ba5be2b04a2f_cab_11dad1ce\WERD1A2.tmp.mdmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E41.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E42.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E43.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E54.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E55.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E56.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E57.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E68.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E69.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E6A.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E7A.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E7B.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9E7C.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9EEB.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9EFB.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9EFC.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9EFD.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9EFE.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F0F.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F10.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F11.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F22.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F23.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F24.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F34.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9F35.tmp

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom_new

!-->[Hidden] C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Safe Browsing Download_new

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\02d705b666a8d271d7c223040a738d69[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\150_493208-0[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\150_681780-0[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\3029276f074f7f7ffaeb86d3339809d8[1].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\40_341985-1[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\432b3146b379283acae18b72140e5235[1].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\468x60[1].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\70_695296-2[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\70_699359-3[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\70_729475-3[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\70_750335-1[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\7e6c292ba086ce70c2c32eb8e2ad8cf5[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\8620580d70384928b7fecd63d67a897[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\ads[1].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[10].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[1].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[2].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[3].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[4].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\afr[9].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\associatedcontent_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\banner02[3].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\banner02[4].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-grTitleCAASQZKM.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-grTitleCAE1ORZT.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-grTitleCAMNU2IC.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-grTitleCAPVT9DK.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-logoCA0HN5P3.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-logoCAPJIWTL.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-logoCATVZV3T.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCA9W2997.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCAITKY7W.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCAPNL9PR.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCAVEHO2G.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCAVPU01H.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-mainCAWBAEO2.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-menuMainCAEY5LTP.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-menuMainCAQW6HDN.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bg-menuMainCAXMBRUZ.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\boobtuberz_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bt-searchCARTDWQE.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\bt-searchCAXWHYM1.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\clearCA96H5XO.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\d76839ab7fbcb88de80d91a5738695b1[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\freenewslinker_com[2].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\iframe3[1].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\index[4].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\initCAU8L9RP.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\initCAXY180W.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\initCAY357PR.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\layout[4].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\layout[5].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\layout[6].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\newslinker_info[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\resetCA1TX4H0.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\resetCA4W616S.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\resetCA7M4LAE.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\resetCADMA74B.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\resetCAMTLE3E.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\sendtracker[3].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\ShowContent[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\st[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\st[2]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\st[3]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\st[4]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\st[8]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\topdomaintech_com[2].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O3DL6QX\vidstreet_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\300_1693467[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\70_735381-1[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\7f5edb454205a3f4c97f98b557e0e497[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\8620580d70384928b7fecd63d67a897[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\afr[8].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\afr[9].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\banner01[10].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\banner01[9].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\banner02[9].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-grTitleCAC6HW22.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-grTitleCACP987Z.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-grTitleCAMS47V6.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCA1CIKA1.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCA33LR5D.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCAA4F537.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCAAZ0CZW.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCAO1KVOC.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-logoCAOXUJ3D.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-mainCARHBD9W.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-menuMainCA4DIQRA.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-menuMainCA9YKHEG.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-menuMainCAALA2F6.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bg-menuMainCAZBGL16.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bt-searchCAOQVZWF.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bt-searchCATXRF2O.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\bt-searchCAZ6C6S6.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\clear[10].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\clear[9].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\countlistings_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\d76839ab7fbcb88de80d91a5738695b1[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\fe74c40158594fcab48ce2da496b8b9a[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\info_48[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\init[7].js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\init[8].js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\layoutCACDX6II.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\layoutCAEWKT2O.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\layoutCAVIIYMJ.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\layoutCAW1HF27.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\newtopdomainsite_net[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\populardomainsearch_net[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\resetCA4TX4K4.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\resetCAAC6BMC.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\resetCAGBMN05.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\resetCAQFI4EO.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\seekfindget_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\service[6].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\service[7].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\snooperfind_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\st[10]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\st[9]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GB6DSZ27\yql[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\02d705b666a8d271d7c223040a738d69[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\468x60[1].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\470_1693467[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\75_1265620[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\7f5edb454205a3f4c97f98b557e0e497[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\aab51b6ba6f2fbf08516af29c122f298[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\aab51b6ba6f2fbf08516af29c122f298[3].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\afrCACFZOHU.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\afrCAT92D2Q.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\afr[10].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\afr[9].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\background_gradient[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\banner01[4].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\banner02[4].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-grTitleCA2T2CMJ.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-grTitleCA7PVPWO.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-grTitleCAAP793D.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-grTitleCAK2578L.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-logoCAXMV8VO.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-mainCA3USE1I.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-mainCAKW9OXT.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-menuMainCA62WP7E.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-menuMainCANA8AL2.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-menuMainCAPX4TXE.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bg-menuMainCAXBNC5W.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\boobtuberz_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bt-searchCACAAY4E.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bt-searchCAM3AAEZ.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bt-searchCAN8ZFQW.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bt-searchCANG12IH.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\bt-searchCARVJL91.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\b[4].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\clear[11].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\dnserrordiagoff_webOC[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\e91225d09d356957ccd2676d940d7859[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\e91225d09d356957ccd2676d940d7859[3].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\ErrorPageTemplate[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\fastlinkers_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\fe74c40158594fcab48ce2da496b8b9a[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\iframe3[2].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\index[10].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\index[6].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\index[8].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\initCAGKARNZ.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\initCAHHGIR4.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\layoutCAVL0U16.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\linkfindersite_net[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\quantv2[3].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\reset[6].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\reset[7].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\saletrackCAECA9EH.pl

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\searchlistingpro_net[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\searchtermpro_net[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\service[8].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\stCAIL4846

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\stCAY5XVEZ

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\st[10]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\st[7]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIZWO4B\yql[2]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\0187847d73fbbb5bd92a052b52beaf48[1].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\0187847d73fbbb5bd92a052b52beaf48[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\0187847d73fbbb5bd92a052b52beaf48[3].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\054142165a12b91d404c1ae2811af124[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_1328422[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_1800173[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_1802389[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_1803875[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_1806505[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\150_581925-0[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\70_761490-2[1].jpg

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\7e6c292ba086ce70c2c32eb8e2ad8cf5[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\8acc1d589d8c1f0afd5b0412b50d901c[2].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\8acc1d589d8c1f0afd5b0412b50d901c[3].swf

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\ads[2].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\ads[3].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[1].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[2].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[3].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[4].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[5].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[6].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[7].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\afr[8].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\besttopdomain_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-grTitleCA2QZ4UV.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-grTitleCA73Z17E.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-logoCA2UJK4M.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-logoCAAWCPQX.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-mainCA08LBZO.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-mainCACET1OF.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-menuMainCAGM42H5.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-menuMainCAU9FHLP.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bg-menuMainCAWUAJCO.gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bt-search[10].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bt-search[9].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\bullet[2]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\clear[4].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\cm[2].gif

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\down[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\errorPageStrings[2]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\foundclips_com[1].txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\httpErrorPagesScripts[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\iframe3[1].htm

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCA0OUUEF.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCA6HS9Z4.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCAAP0QN7.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCAU20WSQ.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCAVYY9AA.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\indexCAXKAT8M.php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\index[4].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\index[7].php

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\initCA1JX88F.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\initCA80EPUF.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\initCAKXTNEA.js

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\layoutCA7SEB6U.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\layoutCABLHO34.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\layoutCAM7IKYM.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\layoutCAZ58QIW.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\noites-webTv_fa_auto_trailer[1].mp4

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\resetCAP5WMHB.css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\reset[6].css

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[1]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[2]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[3]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[4]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[5]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[6]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YZI7NB\st[7]

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q63K340C\2100573%2F0%2F225%2FAdId%3D1860111%3BBnId%3D1%3Bitime%3D671322205%3Bkvsegments%3D%24%7Bseller_seg_codes%7D%3Blink%3D;ord=671322205[1].htm0;

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2M8H7Z4B.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EL3K4DOS.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FSQC3O22.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I5C246X8.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L4QW93L1.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MHJWWRA9.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TFLGPCWE.txt

!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V58ADTLH.txt

!-->[Hidden] C:\Windows\Temp\PSSysChk.log

==============================================


>Hooks

==============================================

[1136]svchost.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74892BBC-->00000000 [unknown_code_page]

[1136]svchost.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x748944B1-->00000000 [unknown_code_page]

[1136]svchost.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x748946B7-->00000000 [unknown_code_page]

[1136]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76FB6298-->00000000 [unknown_code_page]

[1136]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76FB51C0-->00000000 [unknown_code_page]

[1136]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76FB5D40-->00000000 [unknown_code_page]

[1136]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7625C198-->00000000 [unknown_code_page]

[1136]svchost.exe-->user32.dll-->GetForegroundWindow, Type: Inline - RelativeJump 0x7626565D-->00000000 [unknown_code_page]

[1136]svchost.exe-->user32.dll-->WindowFromPoint, Type: Inline - RelativeJump 0x76286D0C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x010010A0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x0100105C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x010010D0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001098-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x010010DC-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x010010D4-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x0100106C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x010010D8-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001084-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001064-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x010010EC-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x01001090-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x0100108C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x010010FC-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x010010B8-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001070-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x010010C4-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x01001074-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0100109C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001058-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x010010F8-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010BC-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A8-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x010010C0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x01001088-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->RegCloseKey, Type: IAT modification 0x010010B0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x010010E4-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObjectEx, Type: IAT modification 0x010010F4-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->RegOpenKeyExW, Type: IAT modification 0x010010B4-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->RegQueryValueExW, Type: IAT modification 0x010010C8-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x010010CC-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x010010F0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x010010E0-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001080-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x0100107C-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]

[1612]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x01001100-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->EtwEventEnabled, Type: IAT modification 0x01001138-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->EtwEventRegister, Type: IAT modification 0x0100113C-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->EtwEventWrite, Type: IAT modification 0x01001134-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x0100110C-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100111C-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001140-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x0100112C-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x01001124-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x01001118-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001110-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001128-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001120-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

[1612]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001130-->00000000 [unknown_code_page]

[1956]explorer.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74892BBC-->00000000 [unknown_code_page]

[1956]explorer.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x748944B1-->00000000 [unknown_code_page]

[1956]explorer.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x748946B7-->00000000 [unknown_code_page]

[1956]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x76FB6298-->00000000 [unknown_code_page]

[1956]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x76FB51C0-->00000000 [unknown_code_page]

[1956]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x76FB5D40-->00000000 [unknown_code_page]

[4748]GoogleUpdate .exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C6178C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C617F0-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C61848-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]

[4748]GoogleUpdate .exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C61844-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00412008-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61154-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B611E0-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B6118C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]

[4748]GoogleUpdate .exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x0041216C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00412014-->00000000 [apphelp.dll]

[4748]GoogleUpdate .exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x738022C4-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x73802240-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x73802298-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D11524-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]

[4748]GoogleUpdate .exe-->user32.dll-->kernel32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D114B4-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->user32.dll-->kernel32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D11444-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->user32.dll-->kernel32.dll-->RegSetValueExW, Type: IAT modification 0x77D114AC-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x71201290-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x712011D8-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x7120124C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x712011E0-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x71201298-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x71201274-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x71201294-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x712011E4-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->CopyFileA, Type: IAT modification 0x712012E0-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x712014D4-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x712014D8-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x71201500-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x71201358-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71201454-->00000000 [apphelp.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->MoveFileA, Type: IAT modification 0x7120131C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x7120144C-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x71201314-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x71201318-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->SetFileAttributesA, Type: IAT modification 0x71201330-->00000000 [AcGenral.dll]

[4748]GoogleUpdate .exe-->wininet.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x71201404-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C6178C-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C617F0-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C61848-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]

[4836]ASCTray.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C61844-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61154-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B611E0-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B6118C-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]

[4836]ASCTray.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x738022C4-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x73802240-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x73802298-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D11524-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]

[4836]ASCTray.exe-->user32.dll-->kernel32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D114B4-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->user32.dll-->kernel32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D11444-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->user32.dll-->kernel32.dll-->RegSetValueExW, Type: IAT modification 0x77D114AC-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x71201290-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x712011D8-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x7120124C-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x712011E0-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x71201298-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x71201274-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x71201294-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x712011E4-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->CopyFileA, Type: IAT modification 0x712012E0-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x712014D4-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x712014D8-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x71201500-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x71201358-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71201454-->00000000 [apphelp.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->MoveFileA, Type: IAT modification 0x7120131C-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x7120144C-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x71201314-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x71201318-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesA, Type: IAT modification 0x71201330-->00000000 [AcGenral.dll]

[4836]ASCTray.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x71201404-->00000000 [AcGenral.dll]

[5252]chrome.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74892BBC-->00000000 [unknown_code_page]

[5252]chrome.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x748944B1-->00000000 [unknown_code_page]

[5252]chrome.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x748946B7-->00000000 [unknown_code_page]

[5352]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76FB5046-->00000000 [shell32.dll]

[5352]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76FB50D6-->00000000 [shell32.dll]

[5352]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76FB5296-->00000000 [shell32.dll]

[5372]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x76FB5046-->00000000 [shell32.dll]

[5372]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x76FB50D6-->00000000 [shell32.dll]

[5372]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x76FB5296-->00000000 [shell32.dll]

 

 

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

**********************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***********************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall tries to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

* Save both reports to your desktop.

* The instructions here ask you to attach the Attach.txt.

 

http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg

 

1) DDS.txt

2) Attach.txt

Instead of attaching, please copy/paste both logs into your Thread

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.

 

•Close the program window, and delete the program from your desktop.

 

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Alex at 14:39:55 on 2011-09-10

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2340 [GMT -5:00]

.

AV: Panda Global Protection 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Global Protection 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012\WebProxy.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\ApVxdWin.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe

C:\Program Files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE

c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Panda Security\Panda Global Protection 2012\SRVLOAD.EXE

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2012\APVXDWIN.EXE" /s

mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2012\Inicio.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alex\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube to MP3 Converter - c:\users\alex\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.100.254

TCP: Interfaces\{1A1E92FB-12A4-4A46-A33E-C0390B377361} : DhcpNameServer = 192.168.100.254

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avldr - avldr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2011-9-10 26696]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-8-19 20384]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2011-9-10 37448]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-8-26 478040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-7-28 291840]

R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2011-9-10 54344]

R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]

R2 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2011-9-10 83528]

R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2011-9-10 13880]

R2 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2011-9-10 53256]

R2 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2011-9-10 22024]

R2 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2011-9-10 193864]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-10 366640]

R2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2011-9-10 159112]

R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2012\PsCtrlS.exe [2011-9-10 173312]

R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2012\PavFnSvr.exe [2011-9-10 202048]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2011-9-10 163848]

R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2011-9-10 62768]

R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2012\pavsrvx86.exe [2011-9-10 314176]

R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2012\psksvc.exe [2011-9-10 28992]

R2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2011-9-10 46856]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-7-30 37944]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-6-6 211984]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-10 22712]

R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2011-9-10 201032]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2011-8-19 954368]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-27 1343400]

.

=============== File Associations ===============

.

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-09-10 19:00:05 -------- d-----w- c:\users\alex\appdata\roaming\Malwarebytes

2011-09-10 18:58:57 -------- d-----w- c:\users\alex\appdata\roaming\SUPERAntiSpyware.com

2011-09-10 18:58:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-10 18:58:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-10 18:58:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-10 18:58:30 -------- d-----w- c:\programdata\Malwarebytes

2011-09-10 18:58:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-10 18:58:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-10 17:40:39 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed

2011-09-10 06:42:41 -------- d-----w- c:\users\alex\appdata\local\Panda Security

2011-09-10 06:40:49 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2011-09-10 06:40:31 167376 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2011-09-10 06:40:26 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys

2011-09-10 06:40:26 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys

2011-09-10 06:40:26 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys

2011-09-10 06:40:18 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS

2011-09-10 06:40:18 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys

2011-09-10 06:40:18 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS

2011-09-10 06:40:07 -------- d-----w- c:\programdata\Backup

2011-09-10 06:40:02 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-09-10 06:40:00 54832 ----a-w- c:\windows\system32\pavcpl.cpl

2011-09-10 06:33:15 -------- d-----w- c:\program files\common files\Bitdefender

2011-09-10 06:32:29 -------- d-----w- c:\users\alex\appdata\roaming\QuickScan

2011-09-10 06:05:04 -------- d-----w- c:\program files\AMD APP

2011-09-10 06:03:34 225280 ----a-w- c:\windows\system32\rewire.dll

2011-09-10 06:03:11 1554944 ----a-w- c:\windows\system32\vorbis.acm

2011-09-10 05:56:10 819729 ----a-w- c:\windows\system32\mrvcl32.exe

2011-09-09 23:30:30 -------- d-----r- c:\users\alex\Dropbox

2011-09-09 23:27:10 -------- d-----w- c:\users\alex\appdata\roaming\Dropbox

2011-09-09 13:20:58 -------- d-----w- c:\program files\Runes of Magic

2011-09-09 03:43:51 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2011-09-09 02:30:35 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b0f95608-a0d6-433c-81f7-8e2998374dd1}\mpengine.dll

2011-09-06 04:22:41 -------- d-----w- c:\users\alex\appdata\roaming\.jagex_cache_22

2011-09-05 02:38:59 -------- d-----w- c:\program files\Paint.NET

2011-09-05 02:38:41 -------- d-----w- c:\users\alex\appdata\local\Paint.NET

2011-09-01 22:48:53 -------- d-----w- c:\users\alex\appdata\roaming\Win7codecs

2011-09-01 22:48:50 -------- d-----w- c:\program files\Win7codecs

2011-09-01 22:48:17 -------- d-----w- c:\programdata\Win7codecs

2011-09-01 21:45:46 -------- d-----w- c:\users\alex\appdata\local\TechSmith

2011-09-01 21:45:18 411480 ----a-w- c:\windows\system32\tsccvid.dll

2011-09-01 21:45:17 -------- d-----w- c:\windows\system32\QuickTime

2011-09-01 21:45:07 -------- d-----w- c:\program files\common files\TechSmith Shared

2011-09-01 21:39:15 -------- d-----w- c:\program files\Conduit

2011-09-01 21:39:14 -------- d-----w- c:\users\alex\appdata\local\Conduit

2011-09-01 21:39:05 -------- d-----w- c:\program files\Audacity

2011-09-01 03:42:26 -------- d-----w- c:\users\alex\appdata\local\PMB Files

2011-09-01 03:42:25 -------- d-----w- c:\programdata\PMB Files

2011-09-01 03:42:12 -------- d-----w- c:\program files\Pando Networks

2011-08-29 03:42:32 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-27 18:40:02 -------- d-----w- c:\windows\system32\Wat

2011-08-27 16:47:25 -------- d-----w- C:\afterIW

2011-08-27 11:18:27 -------- d-----w- c:\users\alex\appdata\local\Activision

2011-08-27 11:07:32 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-08-27 11:07:32 -------- d-----w- c:\program files\MagicDisc

2011-08-27 07:09:34 -------- d-----w- c:\users\alex\appdata\roaming\.minecraft

2011-08-27 04:22:28 -------- d-----w- c:\users\alex\appdata\roaming\Azureus

2011-08-27 04:21:37 -------- d-----w- c:\program files\Vuze

2011-08-26 21:04:50 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-26 21:04:13 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-26 21:04:13 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-26 21:03:45 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-26 21:00:57 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-08-26 20:59:42 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-08-26 20:59:20 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-08-26 20:58:57 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-08-26 20:58:57 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-08-26 20:58:57 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-08-26 20:58:57 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-08-26 20:58:57 337408 ----a-w- c:\windows\system32\mssph.dll

2011-08-26 20:58:57 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-08-26 20:58:57 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-08-26 20:58:57 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-08-26 20:58:57 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-08-26 20:58:10 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-08-26 20:57:49 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-08-26 20:57:28 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-26 20:57:28 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-08-26 20:57:28 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-26 20:57:06 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-08-26 20:56:44 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-26 20:56:22 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-26 20:55:33 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-26 20:55:11 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-08-26 20:54:59 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-08-26 20:54:38 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-08-26 20:53:58 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-08-26 20:53:39 2614784 ----a-w- c:\windows\explorer.exe

2011-08-26 20:53:18 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-26 20:53:18 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-26 20:52:57 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 20:52:37 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-08-26 20:52:37 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-08-26 20:51:59 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-08-26 20:51:38 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-08-26 20:51:17 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-26 20:51:17 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-08-26 20:50:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-08-26 20:50:39 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-08-26 20:50:39 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-08-26 20:50:39 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-08-26 20:50:20 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-08-26 20:50:20 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-08-26 20:50:00 850432 ----a-w- c:\windows\system32\sbe.dll

2011-08-26 20:50:00 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-08-26 20:50:00 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-08-26 20:50:00 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-26 20:49:40 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-08-26 20:48:45 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-08-26 20:48:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-08-26 20:48:45 107520 ----a-w- c:\windows\system32\cdd.dll

2011-08-26 20:48:26 3181568 ----a-w- c:\windows\system32\mf.dll

2011-08-26 20:48:26 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-08-26 20:48:26 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-08-26 20:48:26 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-08-26 20:48:26 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-08-26 20:48:26 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-08-26 20:48:26 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-08-26 20:48:04 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-08-26 20:46:55 109056 ----a-w- c:\windows\system32\t2embed.dll

2011-08-26 20:46:41 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2011-08-26 20:46:41 1413632 ----a-w- c:\windows\system32\ole32.dll

2011-08-26 20:46:26 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-08-26 20:46:26 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-08-26 20:46:12 530432 ----a-w- c:\windows\system32\comctl32.dll

2011-08-26 20:45:57 738816 ----a-w- c:\windows\system32\wmpmde.dll

2011-08-26 20:45:43 224256 ----a-w- c:\windows\system32\schannel.dll

2011-08-26 20:45:29 101760 ----a-w- c:\windows\system32\consent.exe

2011-08-26 20:45:15 516096 ----a-w- c:\program files\windows mail\wab.exe

2011-08-26 20:45:01 314368 ----a-w- c:\windows\system32\webio.dll

2011-08-26 20:44:47 749056 ----a-w- c:\windows\system32\schedsvc.dll

2011-08-26 20:44:47 496128 ----a-w- c:\windows\system32\taskschd.dll

2011-08-26 20:44:47 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-08-26 20:44:47 305152 ----a-w- c:\windows\system32\taskcomp.dll

2011-08-26 20:44:47 192000 ----a-w- c:\windows\system32\taskeng.exe

2011-08-26 20:44:47 179712 ----a-w- c:\windows\system32\schtasks.exe

2011-08-26 20:44:32 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-08-26 20:43:59 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-26 20:43:59 417792 ----a-w- c:\windows\system32\msdri.dll

2011-08-26 20:43:59 204288 ----a-w- c:\windows\system32\MSNP.ax

2011-08-26 20:43:22 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2011-08-26 20:43:22 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2011-08-26 20:43:07 168448 ----a-w- c:\windows\system32\srvsvc.dll

2011-08-26 20:42:53 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2011-08-26 20:42:41 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2011-08-26 20:42:29 316928 ----a-w- c:\windows\system32\spoolsv.exe

2011-08-26 20:42:04 37376 ----a-w- c:\windows\system32\rtutils.dll

2011-08-26 20:41:52 82944 ----a-w- c:\windows\system32\iccvid.dll

2011-08-26 20:41:52 197632 ----a-w- c:\windows\system32\ir32_32.dll

2011-08-26 20:41:27 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-08-26 20:41:27 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-08-26 20:41:27 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-08-26 20:41:27 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-08-26 20:41:27 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-08-26 20:40:57 67584 ----a-w- c:\windows\system32\asycfilt.dll

2011-08-26 20:40:46 1619968 ----a-w- c:\program files\windows mail\msoe.dll

2011-08-26 20:40:30 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2011-08-26 20:40:30 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2011-08-26 20:40:19 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-08-26 20:40:11 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2011-08-26 20:40:04 172032 ----a-w- c:\windows\system32\wintrust.dll

2011-08-26 20:38:48 507568 ----a-w- c:\windows\system32\winload.exe

2011-08-26 20:38:48 442920 ----a-w- c:\windows\system32\winresume.exe

2011-08-26 20:38:48 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2011-08-26 20:37:37 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-08-26 09:11:03 -------- d-----w- c:\programdata\IObit

2011-08-26 09:10:46 -------- d-----w- c:\users\alex\appdata\roaming\IObit

2011-08-26 09:10:41 -------- d-----w- c:\program files\IObit

2011-08-23 20:30:06 -------- d-----w- c:\windows\.jagex_cache_32

2011-08-23 05:21:02 -------- d-----w- c:\program files\iPod

2011-08-23 05:21:01 -------- d-----w- c:\program files\iTunes

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-08-23 05:17:40 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-08-23 04:54:30 -------- d-----w- c:\users\alex\.jagex_cache_32

2011-08-22 15:05:32 -------- d-sh--w- c:\programdata\DSS

2011-08-19 20:41:26 3978240 ----a-w- c:\windows\system32\x264vfw.dll

2011-08-19 20:36:56 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys

2011-08-19 20:36:56 1268736 ----a-w- c:\windows\system32\drivers\athr.sys

2011-08-19 20:36:56 -------- d-----w- c:\windows\pcidevice

2011-08-19 20:36:55 -------- d-----w- c:\program files\D-Link

2011-08-19 06:00:00 1282560 ----a-w- c:\windows\system32\VSFilter.dll

2011-08-15 05:56:19 -------- d-----w- c:\users\alex\appdata\roaming\DVDVideoSoft

2011-08-15 05:55:58 -------- d-----w- c:\users\alex\appdata\roaming\DVDVideoSoftIEHelpers

2011-08-15 05:55:54 -------- d-----w- c:\program files\DVDVideoSoft

2011-08-15 05:55:54 -------- d-----w- c:\program files\common files\DVDVideoSoft

2011-08-14 17:28:56 -------- d-----w- c:\program files\common files\AVSMedia

2011-08-14 17:28:12 24576 ----a-w- c:\windows\system32\msxml3a.dll

2011-08-14 17:02:33 292864 ----a-w- c:\windows\system32\mfds.dll

2011-08-14 03:57:42 94040 ----a-w- c:\program files\common files\windows live\.cache\50a4bddf1cc5a3608\DSETUP.dll

2011-08-14 03:57:42 525656 ----a-w- c:\program files\common files\windows live\.cache\50a4bddf1cc5a3608\DXSETUP.exe

2011-08-14 03:57:42 1691480 ----a-w- c:\program files\common files\windows live\.cache\50a4bddf1cc5a3608\dsetup32.dll

2011-08-14 03:57:37 94040 ----a-w- c:\program files\common files\windows live\.cache\4db81b7b1cc5a3607\DSETUP.dll

2011-08-14 03:57:37 525656 ----a-w- c:\program files\common files\windows live\.cache\4db81b7b1cc5a3607\DXSETUP.exe

2011-08-14 03:57:37 1691480 ----a-w- c:\program files\common files\windows live\.cache\4db81b7b1cc5a3607\dsetup32.dll

2011-08-14 03:56:33 -------- d-----w- c:\program files\common files\Windows Live

2011-08-13 22:12:11 -------- d-----w- c:\windows\system32\Adobe

2011-08-13 19:23:37 -------- d-----w- c:\users\alex\appdata\local\Microsoft Games

2011-08-13 00:49:58 -------- d-----w- c:\users\alex\appdata\local\Downloaded Installations

2011-08-12 15:28:24 -------- d-----w- c:\program files\common files\Steam

2011-08-12 15:12:49 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-08-12 15:12:49 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-08-12 15:12:48 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

.

==================== Find3M ====================

.

2011-08-30 16:03:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-29 03:42:32 13824 ----a-w- c:\windows\system32\slwga.dll

2011-08-26 21:00:57 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-26 21:00:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-08-26 21:00:28 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-26 21:00:28 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-26 21:00:28 386048 ----a-w- c:\windows\system32\html.iec

2011-08-26 21:00:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-26 20:47:44 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-08-26 20:47:44 73728 ----a-w- c:\windows\system32\wscsvc.dll

2011-08-26 20:47:44 51200 ----a-w- c:\windows\system32\wscapi.dll

2011-08-26 20:47:44 350720 ----a-w- c:\windows\system32\winhttp.dll

2011-08-26 20:47:44 204800 ----a-w- c:\windows\system32\WebClnt.dll

2011-08-26 20:47:44 204288 ----a-w- c:\windows\system32\upnp.dll

2011-08-26 20:47:44 14336 ----a-w- c:\windows\system32\slwga.dll.bak

2011-08-26 20:47:44 1389568 ----a-w- c:\windows\system32\msxml6.dll

2011-08-26 20:47:44 1236992 ----a-w- c:\windows\system32\msxml3.dll

2011-08-26 20:47:25 541184 ----a-w- c:\windows\system32\kerberos.dll

2011-08-26 20:47:11 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-08-02 16:06:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-28 22:49:12 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-28 22:48:36 13555712 ----a-w- c:\windows\system32\amdocl.dll

2011-07-28 22:22:04 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-28 21:44:06 18388480 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-28 21:40:58 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-28 21:40:44 726528 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-28 21:36:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-28 21:35:52 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-28 21:35:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-28 21:34:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-28 21:33:54 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-28 21:33:42 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-28 21:33:34 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-28 21:33:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-28 21:30:26 4198912 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-28 21:11:42 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-28 21:11:14 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-28 21:11:02 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-28 21:09:10 4256768 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-28 21:07:24 8247296 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-28 21:03:58 4056064 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-28 21:01:48 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-28 20:54:42 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-28 20:54:30 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-28 20:54:18 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-28 20:53:46 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-28 20:53:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-28 20:53:00 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-28 20:52:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-28 20:51:04 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-28 20:51:04 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-27 19:12:42 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-24 00:06:14 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-07-12 21:56:50 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 04:37:06 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:48:42 147456 ----a-w- c:\windows\system32\lagarith.dll

2011-06-17 11:34:42 73728 ----a-w- c:\windows\system32\xvid.ax

2011-06-17 11:26:10 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-17 11:17:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-16 08:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-06-16 08:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

.

============= FINISH: 14:40:54.45 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 7/27/2011 5:14:49 PM

System Uptime: 9/10/2011 2:35:21 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M2A-VM

Processor: AMD Athlon 7750 Dual-Core Processor | Socket AM2 | 2899/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 356.165 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\ATK0110\1010110

Manufacturer:

Name:

PNP Device ID: ACPI\ATK0110\1010110

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: PavSRK.sys

Device ID: ROOT\LEGACY_PAVSRK.SYS\0000

Manufacturer:

Name: PavSRK.sys

PNP Device ID: ROOT\LEGACY_PAVSRK.SYS\0000

Service: PavSRK.sys

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: PavTPK.sys

Device ID: ROOT\LEGACY_PAVTPK.SYS\0000

Manufacturer:

Name: PavTPK.sys

PNP Device ID: ROOT\LEGACY_PAVTPK.SYS\0000

Service: PavTPK.sys

.

==== System Restore Points ===================

.

RP128: 8/27/2011 6:20:01 AM - Installed Steam

RP129: 8/27/2011 11:29:16 PM - Removed Steam

RP130: 8/31/2011 11:27:00 PM - Installed TROY

RP132: 9/1/2011 11:10:00 AM - Installed DirectX

RP133: 9/1/2011 4:44:43 PM - Installed Camtasia Studio 7

RP134: 9/1/2011 5:48:36 PM - Installed Win7codecs.

RP136: 9/4/2011 9:38:48 PM - Paint.NET v3.5.8

RP137: 9/9/2011 11:30:25 PM - Removed TROY

RP139: 9/10/2011 1:08:25 AM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11.6

Advanced SystemCare 5

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity Portable

Bonjour

Camtasia Studio 7

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-utility

CCC Help English

Dropbox

DWA-552

Free YouTube to MP3 Converter version 3.10.8.815

Game Booster 3

Google Chrome

iTunes

Java Auto Updater

Java 6 Update 26

MagicDisc 2.7.106

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 1.1

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Minecraft Beta Cracked

Mozilla Thunderbird (6.0.2)

MSVCRT Redists

NVIDIA PhysX

Paint.NET v3.5.8

Panda Global Protection 2012

Panda Secure Vault 5

Pando Media Booster

QuickTime

Rootkit Unhooker LE 3.8 SR 2

Runes of Magic

RuneScape Launcher 1.0.4

SUPERAntiSpyware

swMSM

VideoLAN VLC media player 0.8.6f

Vuze

Win7codecs

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

9/9/2011 9:36:07 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 2 time(s).

9/9/2011 6:12:36 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 3 time(s).

9/9/2011 11:40:58 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/9/2011 11:40:55 PM, Error: Service Control Manager [7034] - The Software Protection service terminated unexpectedly. It has done this 3 time(s).

9/9/2011 11:40:45 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 2 time(s).

9/9/2011 11:40:39 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 5 time(s).

9/9/2011 11:35:49 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/9/2011 11:35:46 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 2 time(s).

9/9/2011 11:16:21 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 4 time(s).

9/6/2011 2:25:54 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 2:36:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/10/2011 2:36:25 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

9/10/2011 2:35:05 PM, Error: Service Control Manager [7023] - The Panda On-Access Anti-Malware Service service terminated with the following error: Incorrect function.

9/10/2011 2:23:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.

9/10/2011 2:21:45 PM, Error: Service Control Manager [7031] - The WWAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 2:21:45 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 2:21:45 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 2:21:45 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 12:21:21 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

9/10/2011 12:10:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x000334ac, 0x8a486a6c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091011-24890-01.

9/10/2011 11:05:25 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 11:05:23 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 11:05:16 AM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

9/10/2011 11:05:13 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

9/10/2011 11:05:08 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 11:05:04 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 11:05:00 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 11:04:53 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 11:04:48 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 1:42:16 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0018E7DEC1C8" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

9/10/2011 1:40:50 AM, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

9/10/2011 1:32:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

9/10/2011 1:32:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

9/10/2011 1:29:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

9/10/2011 1:27:48 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:27:30 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:25:38 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:11:32 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/10/2011 1:03:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

9/10/2011 1:03:42 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL

uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

************************************************************

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

***************************************************

I'm thinking it's infected but how do I remove it?

Don't touch it for now.

I would like to see the SAS and MBAM logs.

 

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


All processes killed

========== OTL ==========

========== COMMANDS ==========

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Alex

->Temp folder emptied: 816071 bytes

->Temporary Internet Files folder emptied: 3157694 bytes

->Java cache emptied: 118250423 bytes

->Google Chrome cache emptied: 144735614 bytes

->Flash cache emptied: 4466 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6228806 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 261.00 mb

 

 

OTL by OldTimer - Version 3.2.27.0 log created on 09112011_010452

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


ComboFix 11-09-10.03 - Alex 09/11/2011 1:17.1.2 - x86 NETWORK

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2847 [GMT -5:00]

Running from: c:\users\Alex\Downloads\ComboFix.exe

AV: Panda Global Protection 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}

SP: Panda Global Protection 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Alex\AppData\Local\ApplicationHistory

c:\users\Alex\AppData\Roaming\Google\Update\1

c:\users\Alex\AppData\Roaming\Google\Update\1\SD\s.txt

c:\windows\sipr3260.dll

c:\windows\system32\mfc100deu.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))

.

.

2011-09-11 06:04 . 2011-09-11 06:04 -------- d-----w- C:\_OTL

2011-09-10 19:00 . 2011-09-10 19:00 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com

2011-09-10 18:58 . 2011-09-11 06:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-10 18:58 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\programdata\Malwarebytes

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-10 18:58 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-10 17:40 . 2011-09-10 17:40 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed

2011-09-10 06:42 . 2011-09-10 06:42 -------- d-----w- c:\users\Alex\AppData\Local\Panda Security

2011-09-10 06:40 . 2011-09-10 06:40 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2011-09-10 06:40 . 2011-09-10 19:25 167376 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2011-09-10 06:40 . 2010-09-09 21:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys

2011-09-10 06:40 . 2009-09-25 19:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys

2011-09-10 06:40 . 2009-09-25 19:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys

2011-09-10 06:40 . 2011-01-31 21:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS

2011-09-10 06:39 . 2011-09-10 06:39 -------- d-----w- c:\windows\system32\PAV

2011-09-10 06:39 . 2011-09-10 06:39 -------- d-----w- c:\users\Alex\AppData\Roaming\Panda Security

2011-09-10 06:39 . 2010-05-21 18:50 54344 ----a-w- c:\windows\system32\drivers\amm8660.sys

2011-09-10 06:39 . 2010-03-24 17:55 55552 ----a-w- c:\windows\system32\avldr.dll

2011-09-10 06:39 . 2011-09-10 06:39 -------- d-----w- c:\program files\Common Files\Panda Security

2011-09-10 06:39 . 2011-02-21 19:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys

2011-09-10 06:39 . 2010-05-06 22:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys

2011-09-10 06:33 . 2011-09-10 06:38 -------- d-----w- c:\program files\Common Files\Bitdefender

2011-09-10 06:32 . 2011-09-10 06:32 -------- d-----w- c:\users\Alex\AppData\Roaming\QuickScan

2011-09-10 06:05 . 2011-09-10 06:05 -------- d-----w- c:\programdata\ATI

2011-09-10 06:05 . 2011-09-10 06:05 -------- d-----w- c:\program files\AMD APP

2011-09-10 06:03 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll

2011-09-10 06:03 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm

2011-09-10 05:56 . 2011-09-10 05:56 819729 ----a-w- c:\windows\system32\mrvcl32.exe

2011-09-09 23:30 . 2011-09-10 17:14 -------- d-----r- c:\users\Alex\Dropbox

2011-09-09 23:27 . 2011-09-10 17:14 -------- d-----w- c:\users\Alex\AppData\Roaming\Dropbox

2011-09-09 13:20 . 2011-09-10 16:21 -------- d-----w- c:\program files\Runes of Magic

2011-09-09 03:43 . 2011-09-10 05:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2011-09-09 02:30 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0F95608-A0D6-433C-81F7-8E2998374DD1}\mpengine.dll

2011-09-06 04:22 . 2011-09-06 04:22 -------- d-----w- c:\users\Alex\AppData\Roaming\.jagex_cache_22

2011-09-05 02:38 . 2011-09-05 02:39 -------- d-----w- c:\program files\Paint.NET

2011-09-05 02:38 . 2011-09-10 18:39 -------- d-----w- c:\users\Alex\AppData\Local\Paint.NET

2011-09-01 22:48 . 2011-09-01 22:50 -------- d-----w- c:\users\Alex\AppData\Roaming\Win7codecs

2011-09-01 22:48 . 2011-09-01 22:48 -------- d-----w- c:\program files\Win7codecs

2011-09-01 22:48 . 2011-09-01 22:50 -------- d-----w- c:\programdata\Win7codecs

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\users\Alex\AppData\Local\TechSmith

2011-09-01 21:45 . 2010-03-04 22:27 411480 ----a-w- c:\windows\system32\tsccvid.dll

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\windows\system32\QuickTime

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\programdata\TechSmith

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\program files\TechSmith

2011-09-01 21:39 . 2011-09-01 21:39 -------- d-----w- c:\program files\Conduit

2011-09-01 21:39 . 2011-09-01 21:39 -------- d-----w- c:\users\Alex\AppData\Local\Conduit

2011-09-01 21:39 . 2011-09-01 21:39 -------- d-----w- c:\program files\Audacity

2011-09-01 03:42 . 2011-09-10 06:17 -------- d-----w- c:\users\Alex\AppData\Local\PMB Files

2011-09-01 03:42 . 2011-09-01 03:54 -------- d-----w- c:\programdata\PMB Files

2011-09-01 03:42 . 2011-09-01 03:42 -------- d-----w- c:\program files\Pando Networks

2011-08-29 03:42 . 2011-08-29 03:42 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-27 18:40 . 2011-08-27 18:40 -------- d-----w- c:\windows\system32\Wat

2011-08-27 16:47 . 2011-09-10 03:18 -------- d-----w- C:\afterIW

2011-08-27 11:18 . 2011-08-27 11:18 -------- d-----w- c:\users\Alex\AppData\Local\Activision

2011-08-27 11:07 . 2011-08-27 11:07 -------- d-----w- c:\program files\MagicDisc

2011-08-27 11:07 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-08-27 07:09 . 2011-09-09 23:26 -------- d-----w- c:\users\Alex\AppData\Roaming\.minecraft

2011-08-27 04:22 . 2011-09-10 06:25 -------- d-----w- c:\users\Alex\AppData\Roaming\Azureus

2011-08-26 21:04 . 2011-08-26 21:04 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-26 21:04 . 2011-08-26 21:04 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-26 21:04 . 2011-08-26 21:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-26 21:03 . 2011-08-26 21:03 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-26 21:00 . 2011-08-26 21:00 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-08-26 20:59 . 2011-08-26 20:59 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-08-26 20:59 . 2011-08-26 20:59 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-08-26 20:58 . 2011-08-26 20:58 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-08-26 20:58 . 2011-08-26 20:58 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-08-26 20:58 . 2011-08-26 20:58 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-08-26 20:58 . 2011-08-26 20:58 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-08-26 20:58 . 2011-08-26 20:58 337408 ----a-w- c:\windows\system32\mssph.dll

2011-08-26 20:58 . 2011-08-26 20:58 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-08-26 20:58 . 2011-08-26 20:58 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-08-26 20:58 . 2011-08-26 20:58 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-08-26 20:58 . 2011-08-26 20:58 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-08-26 20:58 . 2011-08-26 20:58 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-08-26 20:57 . 2011-08-26 20:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-08-26 20:57 . 2011-08-26 20:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-26 20:57 . 2011-08-26 20:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-08-26 20:57 . 2011-08-26 20:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-26 20:57 . 2011-08-26 20:57 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-08-26 20:56 . 2011-08-26 20:56 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-26 20:56 . 2011-08-26 20:56 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-26 20:55 . 2011-08-26 20:55 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-26 20:55 . 2011-08-26 20:55 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-08-26 20:54 . 2011-08-26 20:54 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-08-26 20:54 . 2011-08-26 20:54 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-08-26 20:53 . 2011-08-26 20:53 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-08-26 20:53 . 2011-08-26 20:53 2614784 ----a-w- c:\windows\explorer.exe

2011-08-26 20:53 . 2011-08-26 20:53 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-26 20:53 . 2011-08-26 20:53 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-26 20:52 . 2011-08-26 20:52 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 20:52 . 2011-08-26 20:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-08-26 20:52 . 2011-08-26 20:52 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-08-26 20:51 . 2011-08-26 20:51 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-08-26 20:51 . 2011-08-26 20:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-08-26 20:51 . 2011-08-26 20:51 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-26 20:51 . 2011-08-26 20:51 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-08-26 20:50 . 2011-08-26 20:50 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-08-26 20:50 . 2011-08-26 20:50 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-08-26 20:50 . 2011-08-26 20:50 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-08-26 20:50 . 2011-08-26 20:50 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-08-26 20:50 . 2011-08-26 20:50 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-08-26 20:50 . 2011-08-26 20:50 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-08-26 20:50 . 2011-08-26 20:50 850432 ----a-w- c:\windows\system32\sbe.dll

2011-08-26 20:50 . 2011-08-26 20:50 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-08-26 20:50 . 2011-08-26 20:50 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-08-26 20:50 . 2011-08-26 20:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-26 20:49 . 2011-08-26 20:49 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-08-26 20:48 . 2011-08-26 20:48 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-08-26 20:48 . 2011-08-26 20:48 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-08-26 20:48 . 2011-08-26 20:48 107520 ----a-w- c:\windows\system32\cdd.dll

2011-08-26 20:48 . 2011-08-26 20:48 3181568 ----a-w- c:\windows\system32\mf.dll

2011-08-26 20:48 . 2011-08-26 20:48 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-08-26 20:48 . 2011-08-26 20:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-08-26 20:48 . 2011-08-26 20:48 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-08-26 20:48 . 2011-08-26 20:48 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-08-26 20:48 . 2011-08-26 20:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-08-26 20:48 . 2011-08-26 20:48 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-08-26 20:48 . 2011-08-26 20:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-08-26 20:46 . 2011-08-26 20:46 109056 ----a-w- c:\windows\system32\t2embed.dll

2011-08-26 20:46 . 2011-08-26 20:46 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-30 16:03 . 2011-07-30 16:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-02 16:06 . 2011-08-02 16:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-28 22:49 . 2011-07-28 22:49 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-28 22:48 . 2011-07-28 22:48 13555712 ----a-w- c:\windows\system32\amdocl.dll

2011-07-28 22:22 . 2011-07-28 22:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-28 21:40 . 2011-07-08 03:29 726528 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-28 21:35 . 2011-07-28 21:35 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-28 21:35 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-28 21:34 . 2011-07-28 21:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-28 21:33 . 2011-07-28 21:33 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-28 21:30 . 2009-07-13 22:09 4198912 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-28 21:01 . 2011-07-08 02:54 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-28 20:53 . 2011-07-28 20:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-28 20:53 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-28 20:53 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-24 00:06 . 2011-07-24 00:06 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-07-12 21:56 . 2011-07-12 21:56 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 04:37 . 2011-07-08 04:37 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:48 . 2011-07-04 03:48 147456 ----a-w- c:\windows\system32\lagarith.dll

2011-06-17 11:34 . 2011-06-17 11:34 73728 ----a-w- c:\windows\system32\xvid.ax

2011-06-17 11:26 . 2011-06-17 11:26 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-17 11:17 . 2011-06-17 11:17 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-16 08:34 . 2011-06-16 08:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-06-16 08:34 . 2011-06-16 08:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

.

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\IObit\Advanced SystemCare 5\ASCTray .exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]

"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"OTL"="c:\users\Alex\Downloads\OTL.exe" [2011-09-11 581120]

.

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2010-03-24 17:55 55552 ----a-w- c:\windows\System32\avldr.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2011-09-01 03:42 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

c:\program files\common files\java\java update\jusched.exe [N/A]

.

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-08-10 478040]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]

R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]

R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]

R2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2011-01-31 83528]

R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2011-09-10 13880]

R2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]

R2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]

R2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2010-09-09 193864]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-08 366640]

R2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 19:54 159112]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2012\PskSvc.exe [2010-08-16 28992]

R2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]

R3 EagleXNt;EagleXNt; [x]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [2008-09-27 954368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-08 22712]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]

R3 PavSRK.sys;PavSRK.sys; [x]

R3 PavTPK.sys;PavTPK.sys; [x]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R3 XDva389;XDva389; [x]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\neti1644.sys [2010-09-01 201032]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-10 c:\windows\Tasks\Basic clean-up.job

- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2011-09-10 19:23]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.100.254

.

.

------- File Associations -------

.

JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,bd,99,bf,0c,a4,c2,48,b4,b2,4d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,bd,99,bf,0c,a4,c2,48,b4,b2,4d,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\07\04\1c\048\0e?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-11 01:23:46

ComboFix-quarantined-files.txt 2011-09-11 06:23

.

Pre-Run: 382,708,109,312 bytes free

Post-Run: 382,569,992,192 bytes free

.

- - End Of File - - DE02C761360F2500CDF5263AB5C4C8C4


Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    RenV::
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\IObit\Advanced SystemCare 5\ASCTray .exe
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

**************************************************

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


ComboFix 11-09-11.05 - Alex 09/11/2011 15:58:52.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.916 [GMT -5:00]

Running from: c:\users\Alex\Desktop\ComboFix.exe

Command switches used :: c:\users\Alex\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))

.

.

2011-09-11 21:03 . 2011-09-11 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-11 20:54 . 2011-09-11 21:05 -------- d-----w- c:\users\Alex\AppData\Local\temp

2011-09-11 15:51 . 2011-09-11 15:51 -------- d-----w- c:\programdata\ATI

2011-09-11 15:50 . 2011-09-11 15:50 -------- d-----w- c:\program files\AMD APP

2011-09-11 15:46 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E01B24F1-4FB4-417E-B70F-46729BFA8B25}\mpengine.dll

2011-09-11 06:04 . 2011-09-11 06:04 -------- d-----w- C:\_OTL

2011-09-10 19:00 . 2011-09-10 19:00 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\users\Alex\AppData\Roaming\SUPERAntiSpyware.com

2011-09-10 18:58 . 2011-09-11 15:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-10 18:58 . 2011-09-10 18:58 -------- d-----w- c:\programdata\Malwarebytes

2011-09-10 18:58 . 2011-09-11 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-10 06:40 . 2011-09-10 06:40 -------- d-----w- c:\programdata\Backup

2011-09-10 06:39 . 2011-09-11 15:19 -------- d-----w- c:\programdata\Panda Security

2011-09-10 06:39 . 2011-09-11 15:19 -------- d-----w- c:\program files\Panda Security

2011-09-10 06:33 . 2011-09-10 06:38 -------- d-----w- c:\program files\Common Files\Bitdefender

2011-09-10 06:32 . 2011-09-10 06:32 -------- d-----w- c:\users\Alex\AppData\Roaming\QuickScan

2011-09-09 23:30 . 2011-09-11 15:40 -------- d-----w- c:\users\Alex\Dropbox

2011-09-09 23:27 . 2011-09-10 17:14 -------- d-----w- c:\users\Alex\AppData\Roaming\Dropbox

2011-09-09 13:20 . 2011-09-11 15:40 -------- d-----w- c:\program files\Runes of Magic

2011-09-06 04:22 . 2011-09-06 04:22 -------- d-----w- c:\users\Alex\AppData\Roaming\.jagex_cache_22

2011-09-05 02:38 . 2011-09-11 15:40 -------- d-----w- c:\program files\Paint.NET

2011-09-05 02:38 . 2011-09-10 18:39 -------- d-----w- c:\users\Alex\AppData\Local\Paint.NET

2011-09-01 22:48 . 2011-09-11 15:40 -------- d-----w- c:\program files\Win7codecs

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\users\Alex\AppData\Local\TechSmith

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\programdata\TechSmith

2011-09-01 21:45 . 2011-09-01 21:45 -------- d-----w- c:\program files\TechSmith

2011-09-01 21:39 . 2011-09-01 21:39 -------- d-----w- c:\program files\Conduit

2011-09-01 21:39 . 2011-09-01 21:39 -------- d-----w- c:\users\Alex\AppData\Local\Conduit

2011-09-01 21:39 . 2011-09-11 15:40 -------- d-----w- c:\program files\Audacity

2011-09-01 03:42 . 2011-09-10 06:17 -------- d-----w- c:\users\Alex\AppData\Local\PMB Files

2011-09-01 03:42 . 2011-09-11 15:40 -------- d-----w- c:\programdata\PMB Files

2011-09-01 03:42 . 2011-09-01 03:42 -------- d-----w- c:\program files\Pando Networks

2011-08-27 18:40 . 2011-09-11 15:41 -------- d-----w- c:\windows\system32\Wat

2011-08-27 16:47 . 2011-09-11 15:40 -------- d-----w- C:\afterIW

2011-08-27 11:20 . 2011-09-11 15:45 -------- d-----w- c:\program files\Steam

2011-08-27 11:18 . 2011-08-27 11:18 -------- d-----w- c:\users\Alex\AppData\Local\Activision

2011-08-27 11:08 . 2011-09-11 15:40 -------- d-----w- c:\program files\Activision

2011-08-27 11:07 . 2011-08-27 11:07 -------- d-----w- c:\program files\MagicDisc

2011-08-27 11:07 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2011-08-27 07:09 . 2011-09-11 15:41 -------- d-----w- c:\users\Alex\AppData\Roaming\.minecraft

2011-08-27 04:22 . 2011-09-11 15:41 -------- d-----w- c:\users\Alex\AppData\Roaming\Azureus

2011-08-26 21:04 . 2011-08-26 21:04 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-26 21:04 . 2011-08-26 21:04 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-26 21:04 . 2011-08-26 21:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-26 21:03 . 2011-08-26 21:03 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-26 21:00 . 2011-08-26 21:00 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-08-26 20:59 . 2011-08-26 20:59 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-08-26 20:59 . 2011-08-26 20:59 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-08-26 20:58 . 2011-08-26 20:58 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-08-26 20:58 . 2011-08-26 20:58 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-08-26 20:58 . 2011-08-26 20:58 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-08-26 20:58 . 2011-08-26 20:58 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-08-26 20:58 . 2011-08-26 20:58 337408 ----a-w- c:\windows\system32\mssph.dll

2011-08-26 20:58 . 2011-08-26 20:58 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-08-26 20:58 . 2011-08-26 20:58 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-08-26 20:58 . 2011-08-26 20:58 1553920 ----a-w- c:\windows\system32\tquery.dll

2011-08-26 20:58 . 2011-08-26 20:58 1401856 ----a-w- c:\windows\system32\mssrch.dll

2011-08-26 20:58 . 2011-08-26 20:58 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-08-26 20:57 . 2011-08-26 20:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-08-26 20:57 . 2011-08-26 20:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-26 20:57 . 2011-08-26 20:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-08-26 20:57 . 2011-08-26 20:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-26 20:57 . 2011-08-26 20:57 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-08-26 20:56 . 2011-08-26 20:56 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-26 20:56 . 2011-08-26 20:56 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-26 20:55 . 2011-08-26 20:55 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-26 20:55 . 2011-08-26 20:55 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-08-26 20:54 . 2011-08-26 20:54 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-08-26 20:54 . 2011-08-26 20:54 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-08-26 20:53 . 2011-08-26 20:53 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-08-26 20:53 . 2011-08-26 20:53 2614784 ----a-w- c:\windows\explorer.exe

2011-08-26 20:53 . 2011-08-26 20:53 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-26 20:53 . 2011-08-26 20:53 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-26 20:52 . 2011-08-26 20:52 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-08-26 20:52 . 2011-08-26 20:52 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-08-26 20:52 . 2011-08-26 20:52 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-08-26 20:51 . 2011-08-26 20:51 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-08-26 20:51 . 2011-08-26 20:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-08-26 20:51 . 2011-08-26 20:51 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-26 20:51 . 2011-08-26 20:51 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-08-26 20:50 . 2011-08-26 20:50 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-08-26 20:50 . 2011-08-26 20:50 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-08-26 20:50 . 2011-08-26 20:50 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-08-26 20:50 . 2011-08-26 20:50 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-08-26 20:50 . 2011-08-26 20:50 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-08-26 20:50 . 2011-08-26 20:50 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-08-26 20:50 . 2011-08-26 20:50 850432 ----a-w- c:\windows\system32\sbe.dll

2011-08-26 20:50 . 2011-08-26 20:50 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-08-26 20:50 . 2011-08-26 20:50 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-08-26 20:50 . 2011-08-26 20:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-26 20:49 . 2011-08-26 20:49 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-08-26 20:48 . 2011-08-26 20:48 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-08-26 20:48 . 2011-08-26 20:48 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-08-26 20:48 . 2011-08-26 20:48 107520 ----a-w- c:\windows\system32\cdd.dll

2011-08-26 20:48 . 2011-08-26 20:48 3181568 ----a-w- c:\windows\system32\mf.dll

2011-08-26 20:48 . 2011-08-26 20:48 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-08-26 20:48 . 2011-08-26 20:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-08-26 20:48 . 2011-08-26 20:48 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-08-26 20:48 . 2011-08-26 20:48 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-08-26 20:48 . 2011-08-26 20:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-08-26 20:48 . 2011-08-26 20:48 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-08-26 20:48 . 2011-08-26 20:48 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-08-26 20:46 . 2011-08-26 20:46 109056 ----a-w- c:\windows\system32\t2embed.dll

2011-08-26 20:46 . 2011-08-26 20:46 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2011-08-26 20:46 . 2011-08-26 20:46 1413632 ----a-w- c:\windows\system32\ole32.dll

2011-08-26 20:46 . 2011-08-26 20:46 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-08-26 20:46 . 2011-08-26 20:46 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-08-26 20:46 . 2011-08-26 20:46 530432 ----a-w- c:\windows\system32\comctl32.dll

2011-08-26 20:45 . 2011-08-26 20:45 738816 ----a-w- c:\windows\system32\wmpmde.dll

2011-08-26 20:45 . 2011-08-26 20:45 224256 ----a-w- c:\windows\system32\schannel.dll

2011-08-26 20:45 . 2011-08-26 20:45 101760 ----a-w- c:\windows\system32\consent.exe

2011-08-26 20:45 . 2011-08-26 20:45 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2011-08-26 20:45 . 2011-08-26 20:45 314368 ----a-w- c:\windows\system32\webio.dll

2011-08-26 20:44 . 2011-08-26 20:44 749056 ----a-w- c:\windows\system32\schedsvc.dll

2011-08-26 20:44 . 2011-08-26 20:44 496128 ----a-w- c:\windows\system32\taskschd.dll

2011-08-26 20:44 . 2011-08-26 20:44 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-08-26 20:44 . 2011-08-26 20:44 305152 ----a-w- c:\windows\system32\taskcomp.dll

2011-08-26 20:44 . 2011-08-26 20:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2011-08-26 20:44 . 2011-08-26 20:44 179712 ----a-w- c:\windows\system32\schtasks.exe

2011-08-26 20:44 . 2011-08-26 20:44 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-08-26 20:43 . 2011-08-26 20:43 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-26 20:43 . 2011-08-26 20:43 417792 ----a-w- c:\windows\system32\msdri.dll

2011-08-26 20:43 . 2011-08-26 20:43 204288 ----a-w- c:\windows\system32\MSNP.ax

2011-08-26 20:43 . 2011-08-26 20:43 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-02 16:06 . 2011-08-02 16:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-30 16:29 . 2011-07-30 16:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-28 22:49 . 2011-07-28 22:49 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-07-28 22:48 . 2011-07-28 22:48 13555712 ----a-w- c:\windows\system32\amdocl.dll

2011-07-28 22:22 . 2011-07-28 22:22 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\system32\atioglxx.dll

2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-07-28 21:40 . 2011-07-08 03:29 726528 ----a-w- c:\windows\system32\aticfx32.dll

2011-07-28 21:36 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-07-28 21:35 . 2011-07-28 21:35 401408 ----a-w- c:\windows\system32\atieclxx.exe

2011-07-28 21:35 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2011-07-28 21:34 . 2011-07-28 21:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2011-07-28 21:33 . 2011-07-28 21:33 20992 ----a-w- c:\windows\system32\atimuixx.dll

2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-07-28 21:30 . 2009-07-13 22:09 4198912 ----a-w- c:\windows\system32\atidxx32.dll

2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\system32\atiumdmv.dll

2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\system32\aticalrt.dll

2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\system32\aticalcl.dll

2011-07-28 21:09 . 2011-07-28 21:09 4256768 ----a-w- c:\windows\system32\atiumdag.dll

2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\system32\aticaldd.dll

2011-07-28 21:03 . 2011-07-28 21:03 4056064 ----a-w- c:\windows\system32\atiumdva.dll

2011-07-28 21:01 . 2011-07-08 02:54 52736 ----a-w- c:\windows\system32\coinst.dll

2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\system32\atiadlxx.dll

2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\system32\atigktxx.dll

2011-07-28 20:53 . 2011-07-28 20:53 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-07-28 20:53 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll

2011-07-28 20:53 . 2011-07-28 20:53 29184 ----a-w- c:\windows\system32\atiu9pag.dll

2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\atimpc32.dll

2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2011-07-24 00:06 . 2011-07-24 00:06 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 04:37 . 2011-07-08 04:37 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-07-04 03:48 . 2011-07-04 03:48 147456 ----a-w- c:\windows\system32\lagarith.dll

2011-06-16 08:34 . 2011-06-16 08:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll

2011-06-16 08:34 . 2011-06-16 08:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-08-12 702808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-8-27 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2011-8-19 517440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2011-07-28 22:49 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

R3 EagleXNt;EagleXNt; [x]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [2008-09-27 954368]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]

R3 XDva389;XDva389; [x]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-08-10 478040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 291840]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484587572-2066941522-967813385-1000Core.job

- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 22:26]

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2484587572-2066941522-967813385-1000UA.job

- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 22:26]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to MP3 Converter - c:\users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.100.254

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\07\04\1c\048\0e?"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2011-09-11 16:08:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-11 21:08

ComboFix2.txt 2011-09-11 20:54

ComboFix3.txt 2011-09-11 06:23

.

Pre-Run: 396,511,473,664 bytes free

Post-Run: 396,616,552,448 bytes free

.

- - End Of File - - B0E960B580FBD2DFD92D6DA2609D95EF


SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys

Service Name: ---

Module Base: 946D1000

Module End: 946DC000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys

Service Name: ---

Module Base: 946DC000

Module End: 946E5000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys

Service Name: ---

Module Base: 946E5000

Module End: 946F6000

Hidden: Yes

 

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: 9CBBA000

Module End: 9CBBC000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Windows\CSC\v2.0.6\namespace

Status: Access denied

 

Object: C:\Windows\CSC\v2.0.6\pq

Status: Access denied

 

Object: C:\Windows\CSC\v2.0.6\sm

Status: Access denied

 

Object: C:\Windows\CSC\v2.0.6\temp

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

Status: Access denied


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


That sounds good. Let's do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

************************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.

Click on View > Select Columns.

In addition to the already pre-selected options, make sure Command Line is selected, and press OK.

Go to File > Save As, and save the report as Procexp.txt.

Attach the file to your next reply.


I don't see anything amiss in the log. This is a job you will have to handle from your end. Please try this. Sometimes, rebooting cures the problem. If not, read on.

Start Process Explorer again using the instructions I provided in my previous post and follow these suggestions.

 

Process Explorer Screen

Once you’ve got it running, hover the mouse pointer over each svchost.exe process and a tooltip window with all the information needed will appear.

 

http://www.fileinspect.com/uploaded/svchost-exe/processexplorer1-300x109.png

 

http://www.bleepstatic.com/tutorials/svchost/SVCHOST-prop.jpg

SVCHOST.EXE Properties

 

Finally, to view the services running in this process, click on the Services tab. You will now see a screen similar to the one below.

 

http://www.bleepstatic.com/tutorials/svchost/services.jpg

Services Tab

 

This window displays the services that are being managed by this particular SVCHOST.EXE process. As you can see the SVCHOST.EXE that we are currently looking at in this tutorial is managing the DCOM Server Process Launcher and Terminal Services.

 

Using this method you can determine what services a SVCHOST.EXE process is controlling on your computer.

 

How to Fix It?

First of all, if the process that is eating up CPU is not a Windows process, kill it and uninstall the program that runs it. Also scan your computer for viruses and other malware.

 

However, most likely it will be a Windows process, such as Task Scheduler, firewall, or Windows Update. Sometimes simply restarting your computer gets rid of the problem. If not, try downloading the most recent Windows Updates. If for some reason you can’t, go to the Control Panel - Administrative Tools - double-click the Services shortcut (or click Start - Run - type in services.msc - hit Enter), find the required service, right-click on it, go to Properties and select Disabled from the Startup type box. You can always re-enable it later, so don’t worry. Reboot your computer and then go to the Microsoft website and download updates. Install them, re-enable the service that you have stopped, and restart again. Hopefully everything will be working now.

 

Another way to get rid of svchost.exe high CPU usage problem is to open the Task Manager (CTRL+ALT+DEL), find the process that is causing the problem, right-click on it, go to Set Priority and set it to Below Normal (or Idle if Below Normal doesn’t help). Keep in mind that setting it to Idle might interfere with your networking services, especially if you’re at work and part of a large network.

Take care when disabling svchost.exe, because it is needed by essential applications to work properly.


Alright, the Svchost.exe that is hoarding CPU controls the following things:

 

AeLookupSVC - Application Experience

Appinfo - Application Information

MMCSS - Multimedia Class Scheduler

ProfSvc - User Profile Service

SENS - System Event Notification Service

Winmgmt - Windows Management Instrumentation

 

I'm completely dumbfounded, any ideas?


Archived

This topic is now archived and is closed to further replies.
