Slow


Slow

Post by Restricted on Wed 14 Jul 2010, 9:39 pm

Computer has been going slow. So I scanned it with MBAM, and this is what I got:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4312

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/14/2010 3:30:59 AM
mbam-log-2010-07-14 (03-30-59).txt

Scan type: Quick scan
Objects scanned: 176685
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4o72ukfs-301x-7aj5-u7n0-60ia3pdv53e8} (Generic.Bot.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Alexander\Application Data\cglogs.dat (Malware.Trace) -> No action taken.

Restricted

Rookie Surfer

Posts : 158
Joined : 2009-06-12
Operating System : Win7 Ultimate 32-bit

Re: Slow

Post by DragonMaster Jay on Thu 15 Jul 2010, 6:23 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: Slow

Post by Restricted on Thu 15 Jul 2010, 1:26 pm

I kept getting this error while ComboFix was running. May not be serious, but I thought I'd show you just in case...
ComboFix log:

ComboFix 10-07-14.01 - Alexander 07/14/2010 19:09:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.126 [GMT -7:00]
Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ErrLog.txt
C:\Thumbs.db
c:\windows.1\system32\Cache
c:\windows.1\system32\haha.exe.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-14 10:55 . 2010-07-14 10:59 -------- d-----w- c:\documents and settings\Alexander\.pc_store_32
2010-07-14 10:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-07-14 10:14 . 2010-07-14 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 10:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-07-12 22:09 . 2010-07-12 22:09 -------- d-----w- c:\windows.1\048298C9A4D3490B9FF9AB023A9238F3.TMP
2010-06-19 05:03 . 2010-06-29 07:57 -------- d-----w- c:\documents and settings\Alexander\.69cache_32
2010-06-16 23:55 . 2009-09-05 00:29 1974616 ----a-w- c:\windows.1\system32\D3DCompiler_42.dll
2010-06-16 23:54 . 2009-09-05 00:29 1892184 ----a-w- c:\windows.1\system32\D3DX9_42.dll
2010-06-16 23:52 . 2010-06-16 23:52 -------- d-----w- c:\windows.1\system32\drivers\umdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 02:16 . 2010-01-22 06:39 -------- d-----w- c:\documents and settings\Alexander\Application Data\DNA
2010-07-14 20:06 . 2009-11-04 06:32 -------- d---a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\TEMP
2010-07-14 20:06 . 2010-01-22 06:39 -------- d-----w- c:\program files\DNA
2010-07-13 01:46 . 2009-11-07 06:14 99 ----a-w- c:\documents and settings\Alexander\jagex_runescape_preferences2.dat
2010-07-13 01:39 . 2009-11-07 06:14 46 ----a-w- c:\documents and settings\Alexander\jagex_runescape_preferences.dat
2010-07-12 23:44 . 2008-02-18 08:25 -------- d-----w- c:\program files\DivX
2010-07-12 22:04 . 2009-10-10 21:50 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-07-12 22:04 . 2006-07-25 02:54 -------- d-----w- c:\program files\QuickTime
2010-07-12 22:04 . 2009-08-06 01:11 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-12 22:04 . 2006-07-25 02:53 -------- d-----w- c:\program files\Java
2010-07-12 22:04 . 2006-12-08 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 22:04 . 2006-07-25 02:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-27 08:34 . 2009-11-24 09:00 -------- d-----w- c:\documents and settings\Alexander\Application Data\TeamViewer
2010-06-14 14:31 . 2009-11-03 17:17 744448 ----a-w- c:\windows.1\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 05:31 . 2006-07-25 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-05-25 08:47 . 2010-05-25 08:47 3724801 ----a-w- c:\documents and settings\All Users.WINDOWS.1\SPL18.tmp
2010-05-15 22:37 . 2009-11-10 22:52 138056 ----a-w- c:\documents and settings\Alexander\Application Data\PnkBstrK.sys
2010-05-15 22:37 . 2009-11-10 22:52 138056 ----a-w- c:\documents and settings\Alexander\Application Data\PnkBstrK.sys
2010-05-15 22:37 . 2009-12-09 02:37 189248 ----a-w- c:\windows.1\system32\PnkBstrB.exe
2010-05-12 21:49 . 2010-05-12 21:49 2560 ----a-w- c:\windows.1\_MSRSTRT.EXE
2010-05-12 21:42 . 2009-11-03 17:55 68384 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2008-04-14 05:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 01:00 1851264 ----a-w- c:\windows.1\system32\win32k.sys
2010-05-01 02:15 . 2009-12-09 02:37 75064 ----a-w- c:\windows.1\system32\PnkBstrA.exe
2010-04-20 06:41 . 2010-04-20 06:41 1175112 ----a-w- c:\documents and settings\All Users.WINDOWS.1\SPL5.tmp
2010-04-20 05:30 . 2008-04-14 05:39 285696 ----a-w- c:\windows.1\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2008-07-19 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-22 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-02-15 3168216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"msnmsgrv7"="c:\documents and settings\Alexander\msnmsgr7.exe" [2009-10-14 30208]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.1\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS.1\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS.1\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS.1\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Internet
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 pctgntdi;pctgntdi;c:\windows.1\system32\drivers\pctgntdi.sys [11/3/2009 11:33 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/9/2009 11:53 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows.1\system32\drivers\PCTAppEvent.sys [11/3/2009 11:33 PM 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows.1\system32\drivers\pctNdis-PacketFilter.sys [11/3/2009 11:32 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows.1\system32\drivers\pctNdis.sys [10/12/2009 5:54 PM 58816]
R3 pctplfw;pctplfw;c:\windows.1\system32\drivers\pctplfw.sys [11/3/2009 11:32 PM 115216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows.1\system32\DRIVERS\ManyCam.sys --> c:\windows.1\system32\DRIVERS\ManyCam.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows.1\system32\GameMon.des -service --> c:\windows.1\system32\GameMon.des -service [?]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows.1\system32\drivers\pctNdis-DNS.sys [11/3/2009 11:32 PM 32680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva337;XDva337;\??\c:\windows.1\system32\XDva337.sys --> c:\windows.1\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows.1\system32\XDva341.sys --> c:\windows.1\system32\XDva341.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows.1\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\gigk9imp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users.WINDOWS.1\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Steam - f:\steam\Steam.exe
HKLM-Run-OpenDNS Update - c:\program files\OpenDNS Updater\OpenDNS Updater.exe
AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-14 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows.1\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows.1\system32\Ati2evxx.dll
.
Completion time: 2010-07-14 19:23:04
ComboFix-quarantined-files.txt 2010-07-15 02:22

Pre-Run: 8,893,685,760 bytes free
Post-Run: 8,918,200,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1020D7DC6BD6C8680058F79AA78E0761


Re: Slow

Post by DragonMaster Jay on Thu 15 Jul 2010, 5:28 pm

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Re: Slow

Post by Restricted on Fri 16 Jul 2010, 10:13 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2010 4:18:09 PM
mbam-log-2010-07-15 (16-18-09).txt

Scan type: Quick scan
Objects scanned: 176924
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Slow

Post by DragonMaster Jay on Sun 18 Jul 2010, 5:07 am

Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.


Re: Slow

Post by Restricted on Mon 19 Jul 2010, 10:06 am

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0

Size    Device Name           MBR Status
--------------------------------------------
37 GB   \\.\PhysicalDrive0    Windows XP MBR code detected

Done! Press ENTER to exit...



Re: Slow

Post by DragonMaster Jay on Mon 19 Jul 2010, 4:59 pm

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Re: Slow

Post by Restricted on Tue 20 Jul 2010, 12:04 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=890ea781a307e34e97988713d2ed85a4
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-20 01:02:16
# local_time=2010-07-19 06:02:16 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 40608945 40608945 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 94 195383 52122523 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=4115
# found=0
# cleaned=0
# scan_time=929


Avira picked something up earlier.


Re: Slow

Post by DragonMaster Jay on Tue 20 Jul 2010, 3:06 pm

How is the computer running overall?


Re: Slow

Post by Restricted on Wed 21 Jul 2010, 3:51 pm

It's faster, I must say, but the Avira keeps coming up. I am scanning it right now with Avira and it has come up with 3 things. I will post the log when finished. Nothing has been downloaded since we began this virus cleaning session.


Re: Slow

Post by Restricted on Wed 28 Jul 2010, 8:01 am

Scratch the Avira log. The computer is worse. Nothing is being downloaded or has been downloaded. I can't even open MBAM without Avira finding a virus, and then it doesn't allow MBAM to open.

It says the virus is: C:\Windows.1\System32\Ernel32.dll


Re: Slow

Post by DragonMaster Jay on Wed 28 Jul 2010, 1:36 pm

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Re: Slow

Post by Restricted on Wed 28 Jul 2010, 4:49 pm

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061A344-->F7BDADF6 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805C7288-->F7BDADEC [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8061A7E0-->F7BDADFB [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8061A9B0-->F7BDAE05 [Unknown module filename]
ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x8061C568-->F7BDAE0A [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C1316-->F7BDADD8 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C15A2-->F7BDADDD [Unknown module filename]
ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x8061C418-->F7BDAE14 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x8061BD24-->F7BDAE0F [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806188B6-->F7BDAE00 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8CAA-->F7BDADE7 [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x84DCAA00 [4] System
0x84B3D928 [148] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x8497CBE8 [220] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x849C2508 [232] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x8496FA50 [244] C:\Documents and Settings\Alexander\msnmsgr7.exe (Microsoft Windows, Mircosoft Messenger V.7)
0x84C2BBE8 [388] C:\WINDOWS.1\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x84CB44C8 [408] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc., DNA)
0x84967DA0 [508] C:\WINDOWS.1\explorer.exe (Microsoft Corporation, Windows Explorer)
0x84A6EC08 [552] C:\WINDOWS.1\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x84A0B900 [592] C:\WINDOWS.1\Ojuhoa.exe
0x84AA5DA0 [616] C:\WINDOWS.1\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x84A6C6E8 [656] C:\WINDOWS.1\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x84B57DA0 [700] C:\WINDOWS.1\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x84AF45D0 [712] C:\WINDOWS.1\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x84B147A8 [880] C:\WINDOWS.1\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x84C42118 [896] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A487E8 [984] C:\WINDOWS.1\system32\msiexec.exe (Microsoft Corporation, Windows® installer)
0x84B1F188 [988] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84BF1020 [1040] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x84980610 [1072] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x84A0E180 [1084] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8498FDA0 [1156] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x849D8368 [1172] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x84A507E0 [1244] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x84A26A98 [1284] C:\WINDOWS.1\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x849A9500 [1504] C:\WINDOWS.1\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x84577318 [1540] C:\WINDOWS.1\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x84B3F790 [1576] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x84B3C130 [1584] C:\WINDOWS.1\system32\inetsrv\inetinfo.exe (Microsoft Corporation, Internet Information Services)
0x84B1BBE8 [1664] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8497F440 [1972] C:\WINDOWS.1\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x845FE1E0 [2168] C:\Documents and Settings\Alexander\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\kxSn2qJi3r.exe (UG North, RKULE, SR2 Normandy)
0x84B5DDA0 [2836] C:\WINDOWS.1\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x84CFB068 [3052] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x84977890 [3160] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x849B9DA0 [3480] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
==============================================
>Drivers
==============================================
0xF6F24000 C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys 3891200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1CD000 C:\WINDOWS.1\System32\ati3duag.dll 3821568 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF572000 C:\WINDOWS.1\System32\ativvaxx.dll 2670592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF6C6D000 C:\WINDOWS.1\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS.1\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS.1\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF065000 C:\WINDOWS.1\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7369000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS.1\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF28FC000 C:\WINDOWS.1\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6B57000 C:\WINDOWS.1\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF29E1000 C:\WINDOWS.1\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEFCC1000 C:\WINDOWS.1\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS.1\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF182000 C:\WINDOWS.1\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS.1\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEF74D000 C:\WINDOWS.1\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6BDD000 C:\WINDOWS.1\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF6EE1000 C:\WINDOWS.1\system32\DRIVERS\b57xp32.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF74AD000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF01E3000 C:\WINDOWS.1\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF733C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEED66000 C:\WINDOWS.1\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF296C000 C:\WINDOWS.1\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF29B9000 C:\WINDOWS.1\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF0210000 C:\WINDOWS.1\system32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xF7457000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF28D6000 C:\WINDOWS.1\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6C49000 C:\WINDOWS.1\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6EBD000 C:\WINDOWS.1\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6E9A000 C:\WINDOWS.1\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2997000 C:\WINDOWS.1\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS.1\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF741F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF747D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF28BA000 C:\WINDOWS.1\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF7322000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF743F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF287A000 C:\WINDOWS.1\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6C1E000 C:\WINDOWS.1\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF03A0000 C:\WINDOWS.1\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xF00B6000 C:\WINDOWS.1\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF04A6000 C:\WINDOWS.1\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xF6C35000 C:\WINDOWS.1\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6F10000 C:\WINDOWS.1\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2A3A000 C:\WINDOWS.1\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS.1\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF740D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF749C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6C0D000 C:\WINDOWS.1\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77BC000 C:\WINDOWS.1\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF765C000 C:\WINDOWS.1\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF77EC000 C:\WINDOWS.1\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF768C000 C:\WINDOWS.1\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF767C000 C:\WINDOWS.1\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF766C000 C:\WINDOWS.1\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0290000 C:\WINDOWS.1\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF773C000 C:\WINDOWS.1\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF764C000 C:\WINDOWS.1\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF6AF7000 C:\WINDOWS.1\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF761C000 C:\WINDOWS.1\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76AC000 C:\WINDOWS.1\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75FC000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76CC000 C:\WINDOWS.1\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF778C000 C:\WINDOWS.1\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75EC000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76BC000 C:\WINDOWS.1\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75DC000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76FC000 C:\WINDOWS.1\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76EC000 C:\WINDOWS.1\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF760C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77CC000 C:\WINDOWS.1\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF76DC000 C:\WINDOWS.1\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF775C000 C:\WINDOWS.1\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF53F000 C:\WINDOWS.1\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF779C000 C:\WINDOWS.1\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7964000 C:\WINDOWS.1\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7994000 C:\WINDOWS.1\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78C4000 C:\WINDOWS.1\system32\DRIVERS\nwlnkfwd.sys 32768 bytes (Microsoft Corporation, NWLINK2 Forwarder Driver)
0xF79A4000 C:\WINDOWS.1\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7924000 C:\WINDOWS.1\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7934000 C:\WINDOWS.1\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF797C000 C:\WINDOWS.1\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF785C000 C:\WINDOWS.1\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF792C000 C:\WINDOWS.1\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7944000 C:\WINDOWS.1\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF793C000 C:\WINDOWS.1\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF799C000 C:\WINDOWS.1\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7984000 C:\WINDOWS.1\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF798C000 C:\WINDOWS.1\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7864000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7954000 C:\WINDOWS.1\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF795C000 C:\WINDOWS.1\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF794C000 C:\WINDOWS.1\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF791C000 C:\WINDOWS.1\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF79AC000 C:\WINDOWS.1\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEF715000 C:\WINDOWS.1\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF6BD5000 C:\WINDOWS.1\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF72FE000 C:\WINDOWS.1\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF04D2000 C:\WINDOWS.1\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xEF8A9000 C:\WINDOWS.1\system32\DRIVERS\nwlnkflt.sys 16384 bytes (Microsoft Corporation, NWLINK2 Traffic Filter Driver)
0xF7ABC000 C:\WINDOWS.1\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79EC000 C:\WINDOWS.1\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF6BB9000 C:\WINDOWS.1\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AB0000 C:\WINDOWS.1\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7AB4000 C:\WINDOWS.1\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AC0000 C:\WINDOWS.1\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A78000 C:\WINDOWS.1\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B08000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7AFE000 C:\WINDOWS.1\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AE0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B0A000 C:\WINDOWS.1\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AFC000 C:\WINDOWS.1\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7ADC000 C:\WINDOWS.1\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B00000 C:\WINDOWS.1\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B86000 C:\WINDOWS.1\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B02000 C:\WINDOWS.1\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AF6000 C:\WINDOWS.1\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7AF8000 C:\WINDOWS.1\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AFA000 C:\WINDOWS.1\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7ADE000 C:\WINDOWS.1\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D25000 C:\WINDOWS.1\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C5E000 C:\WINDOWS.1\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BC3000 C:\WINDOWS.1\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BA4000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x057C0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 102400 bytes
0x05FD0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 1150976 bytes
0x00D80000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 118784 bytes
0x03950000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 118784 bytes
0x06790000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 118784 bytes
0x063B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 135168 bytes
0x05A60000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 151552 bytes
0x05DE0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 1740800 bytes
0x05F90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 217088 bytes
0x05A90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 233472 bytes
0x00FA0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 28672 bytes
0x010C0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 28672 bytes
0x00E00000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x00E30000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03A10000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E30000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E10000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03FB0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E60000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03E80000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x03FD0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x040A0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x040C0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04DC0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x048D0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04880000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04870000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x048A0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04A40000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04A20000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04D30000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04CB0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04D80000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04F20000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04DD0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04ED0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04EF0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05030000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x051E0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05370000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x053C0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x054D0000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05580000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05750000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05740000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05770000 Hidden Image-->Branding.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x057B0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A00000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A10000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x05A50000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x061F0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 28672 bytes
0x04800000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 299008 bytes
0x010E0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x84B3D928 ] PID: 148, 307200 bytes
0x00DE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8496FA50 ] PID: 244, 307200 bytes
0x00E70000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 307200 bytes
0x03870000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 36864 bytes
0x038F0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 36864 bytes
0x04860000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x00DD0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03990000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x039E0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03A50000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x03BA0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04090000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04D00000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04DF0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04E20000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04E80000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x04EC0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x05760000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 36864 bytes
0x064F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 372736 bytes
0x03150000 Hidden Image-->System.Management.dll [ EPROCESS 0x8496FA50 ] PID: 244, 380928 bytes
0x052F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 413696 bytes
0x056D0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 413696 bytes
0x063E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 446464 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 45056 bytes
0x00E20000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x00ED0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x03A20000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x04D10000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x04DB0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x04E10000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x04E70000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 45056 bytes
0x03FE0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 454656 bytes
0x06470000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 462848 bytes
0x05AE0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 503808 bytes
0x057E0000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 512000 bytes
0x03A00000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x039D0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x03A30000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x03E20000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x03FA0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x04CF0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x04DE0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x04E40000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x05180000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x05590000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x05780000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 53248 bytes
0x054E0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 552960 bytes
0x06550000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 602112 bytes
0x04E50000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 61440 bytes
0x04EB0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 61440 bytes
0x04F80000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 61440 bytes
0x04FF0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 61440 bytes
0x00E30000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x84B3D928 ] PID: 148, 69632 bytes
0x00E40000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 69632 bytes
0x03970000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 69632 bytes
0x040D0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 69632 bytes
0x04F40000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 69632 bytes
0x05010000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 69632 bytes
0x062F0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 724992 bytes
0x00DA0000 Hidden Image-->q31cE3aA9.dll [ EPROCESS 0x849A9500 ] PID: 1504, 73728 bytes
0x01A20000 Hidden Image-->ernel32.dll [ EPROCESS 0x84967DA0 ] PID: 508, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x84B3D928 ] PID: 148, 73728 bytes
0x003E0000 Hidden Image-->ernel32.dll [ EPROCESS 0x8497CBE8 ] PID: 220, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x849C2508 ] PID: 232, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x8496FA50 ] PID: 244, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x84CB44C8 ] PID: 408, 73728 bytes
0x008E0000 Hidden Image-->ernel32.dll [ EPROCESS 0x84C2BBE8 ] PID: 388, 73728 bytes
0x003A0000 Hidden Image-->ernel32.dll [ EPROCESS 0x849B9DA0 ] PID: 3480, 73728 bytes
0x04CD0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 77824 bytes
0x04D90000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 77824 bytes
0x04E90000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 77824 bytes
0x066C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 823296 bytes
0x00E10000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 86016 bytes
0x04D40000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 86016 bytes
0x05A30000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 86016 bytes
0x039B0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 94208 bytes
0x049E0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 94208 bytes
0x04FC0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x849B9DA0 ] PID: 3480, 94208 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006AA8A, Type: Inline - RelativeJump 0x80541A8A-->80541A91 [ntkrnlpa.exe]
[148]MOM.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[1504]spoolsv.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[220]avgnt.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[232]iTunesHelper.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[244]msnmsgr7.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[3052]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3480]CCC.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[388]ctfmon.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[408]btdna.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[508]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[508]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[508]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[508]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[508]explorer.exe-->ntdll.dll-->NtResumeThread, Type: Inline - RelativeJump 0x7C90DB3E-->00000000 [unknown_code_page]
[508]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[508]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[508]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[508]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[592]Ojuhoa.exe-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x0040B000-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->BitBlt, Type: IAT modification 0x0040B088-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->CreateBitmap, Type: IAT modification 0x0040B080-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->CreateFontIndirectA, Type: IAT modification 0x0040B074-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->CreatePalette, Type: IAT modification 0x0040B06C-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->GetDCOrgEx, Type: IAT modification 0x0040B084-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->GetObjectA, Type: IAT modification 0x0040B070-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->GetPixel, Type: IAT modification 0x0040B078-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->gdi32.dll-->SelectPalette, Type: IAT modification 0x0040B07C-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x0040B0CC-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetACP, Type: IAT modification 0x0040B0A4-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x0040B0D8-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetDiskFreeSpaceA, Type: IAT modification 0x0040B0AC-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x0040B0B4-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x0040B09C-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetOEMCP, Type: IAT modification 0x0040B0C0-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040B090-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetSystemDefaultLangID, Type: IAT modification 0x0040B0B0-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetUserDefaultLCID, Type: IAT modification 0x0040B0D4-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->GetVersionExA, Type: IAT modification 0x0040B098-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x0040B0C4-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->LockResource, Type: IAT modification 0x0040B094-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->lstrcmpiA, Type: IAT modification 0x0040B0BC-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->lstrlenA, Type: IAT modification 0x0040B0B8-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x0040B0C8-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->SetThreadLocale, Type: IAT modification 0x0040B0D0-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->kernel32.dll-->VirtualAlloc, Type: IAT modification 0x0040B0A8-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->shell32.dll-->Shell_NotifyIconA, Type: IAT modification 0x0040B048-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->shell32.dll-->SHGetDiskFreeSpaceA, Type: IAT modification 0x0040B040-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->shell32.dll-->SHGetFolderPathA, Type: IAT modification 0x0040B044-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->shell32.dll-->SHGetSpecialFolderLocation, Type: IAT modification 0x0040B03C-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->CreateWindowExW, Type: IAT modification 0x7C9C1D3C-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x7C9C1D44-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->MessageBoxA, Type: IAT modification 0x7C9C1E5C-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x7C9C2088-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->MessageBoxW, Type: IAT modification 0x7C9C1DC0-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->SetWindowPos, Type: IAT modification 0x7C9C1DA0-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->shell32.dll-->user32.dll-->ShowWindow, Type: IAT modification 0x7C9C1D58-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->user32.dll+0x00003B98, Type: Inline - PushRet 0x7E413B98-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001AAC, Type: Inline - PushRet 0x3D931AAC-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001AB2, Type: Inline - PushRet 0x3D931AB2-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001AC0, Type: Inline - PushRet 0x3D931AC0-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001ACA, Type: Inline - PushRet 0x3D931ACA-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001ACE, Type: Inline - PushRet 0x3D931ACE-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001AD2, Type: Inline - PushRet 0x3D931AD2-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001ADC, Type: Inline - PushRet 0x3D931ADC-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001B28, Type: Inline - RelativeJump 0x3D931B28-->00000000 [wininet.dll]
[592]Ojuhoa.exe-->wininet.dll+0x00001BC4, Type: Inline - PushRet 0x3D931BC4-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001BD8, Type: Inline - PushRet 0x3D931BD8-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001BDE, Type: Inline - PushRet 0x3D931BDE-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001BE2, Type: Inline - PushRet 0x3D931BE2-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001BE6, Type: Inline - PushRet 0x3D931BE6-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001BEA, Type: Inline - PushRet 0x3D931BEA-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001C14, Type: Inline - SEH 0x3D931C14 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001C16, Type: Inline - PushRet 0x3D931C16-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001C1A, Type: Inline - PushRet 0x3D931C1A-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001C1E, Type: Inline - PushRet 0x3D931C1E-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll+0x00001C22, Type: Inline - PushRet 0x3D931C22-->00000000 [unknown_code_page]
[592]Ojuhoa.exe-->wininet.dll-->user32.dll-->CreateWindowExW, Type: IAT modification 0x3D9315F0-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->wininet.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x3D931598-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->wininet.dll-->user32.dll-->MessageBoxW, Type: IAT modification 0x3D9315FC-->00000000 [Ojuhoa.exe]
[592]Ojuhoa.exe-->wininet.dll-->user32.dll-->SetWindowPos, Type: IAT modification 0x3D931560-->00000000 [Ojuhoa.exe]
[716]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: Slow

Post by Restricted on Wed 28 Jul 2010, 9:02 pm

So I scanned with MBAM in safe mode (wouldn't open in regular mode) right after this, and it found 16 things! Don't know how they got there, but here is the log if you need it:

I can't find the log -_-


Re: Slow

Post by DragonMaster Jay on Thu 29 Jul 2010, 8:14 am

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.



Re: Slow

Post by Restricted on Thu 29 Jul 2010, 9:51 am

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-28 16:51:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT F7D029FE ZwCreateKey
SSDT F7D029F4 ZwCreateThread
SSDT F7D02A03 ZwDeleteKey
SSDT F7D02A0D ZwDeleteValueKey
SSDT F7D02A12 ZwLoadKey
SSDT F7D029E0 ZwOpenProcess
SSDT F7D029E5 ZwOpenThread
SSDT F7D02A1C ZwReplaceKey
SSDT F7D02A17 ZwRestoreKey
SSDT F7D02A08 ZwSetValueKey
SSDT F7D029EF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS.1\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F25000, 0x1C5D38, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\DNA\btdna.exe[308] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\system32\ctfmon.exe[476] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003F000A
.text C:\WINDOWS.1\Explorer.EXE[512] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CE000A
.text C:\WINDOWS.1\system32\spoolsv.exe[1504] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00F3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.1\Explorer.EXE[512] @ C:\WINDOWS.1\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.1\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Re: Slow

Post by DragonMaster Jay on Thu 29 Jul 2010, 3:31 pm

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Re: Slow

Post by Restricted on Thu 29 Jul 2010, 3:38 pm

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:37 on 28/07/2010 (Alexander)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:52 20/05/2010]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [00:08 07/11/2080]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [23:14 21/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [07:09 05/04/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [07:32 07/09/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:46 05/11/2009]

C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\gigk9imp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [04:41 20/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [23:39 28/01/2010]

-=E.O.F=-


Re: Slow

Post by DragonMaster Jay on Thu 29 Jul 2010, 3:55 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click Next.
  • It will, by default, install to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top, under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



Re: Slow

Post by Restricted on Thu 29 Jul 2010, 4:11 pm

This link doesn't work, so I can't download it.

[You must be registered and logged in to see this link.]


Re: Slow

Post by DragonMaster Jay on Thu 29 Jul 2010, 4:19 pm

Worked fine for me.



Re: Slow

Post by Restricted on Thu 29 Jul 2010, 8:52 pm

Something is blocking it on this PC, because it works on my laptop. I'll transfer it to a flash/hard drive in the morning and try it then.

