Threaded Mode | Linear Mode

renski · (This post was last modified: 12-03-2011 10:29 AM by renski.)

Hey guys,

recently my pc started to behave strange so I perform scan with Superanispywawe and Malwarebites, which has found some ad wares and some modification. Then I used DrWeb, which did not find anything and yesterday I performed scan using Kaspersky virus removal tool, which instantly has showed 2 trojan horses and succesfully deleted. But not sure what to do now. I am not fully convinced that the kaspersky got rid of the virus completly. I really would appreciate any help from you and some guidance.

EDIT: FOrgot to tell I also used combofix, which was really stupid...Cause I had no idea it's should be use only when asked by professional.

Here is the dds report:

DDS (Ver_11-03-05.01) - NTFSx86
Run by GenRose at 9:24:47,52 on so 12.03.2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2046.1171 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\rundll32.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\GenRose\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\programdata\langsoft\WebIE.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\programdata\langsoft\WebIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IME14 CHT Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\langsoft\WebIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\langsoft\WebIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 59278922;59278922 Boot Guard Driver;c:\windows\system32\drivers\59278922.sys [2011-3-11 37392]
R1 59278921;59278921;c:\windows\system32\drivers\59278921.sys [2011-3-11 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2010-11-30 268848]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2010-10-15 352304]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-1-21 59760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\ExpatTrayService.exe [2010-11-30 54516]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-10-27 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-10-27 43904]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-10-19 722288]
S3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\drivers\vwmfbus.sys [2010-10-20 98560]
S3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\drivers\vwmfdiag.sys [2010-10-20 100224]
S3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\drivers\vwmfmdfl.sys [2010-10-20 14848]
S3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\drivers\vwmfmdm.sys [2010-10-20 123776]
S3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\drivers\vwmfserd.sys [2010-10-20 100224]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-19 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-12 07:53:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-12 07:53:29 -------- d-----w- c:\users\genrose\appdata\local\temp
2011-03-12 07:36:02 98816 ----a-w- c:\windows\sed.exe
2011-03-12 07:36:02 89088 ----a-w- c:\windows\MBR.exe
2011-03-12 07:36:02 256512 ----a-w- c:\windows\PEV.exe
2011-03-12 07:36:02 161792 ----a-w- c:\windows\SWREG.exe
2011-03-11 19:48:25 37392 ----a-w- c:\windows\system32\drivers\59278922.sys
2011-03-11 19:48:25 311312 ----a-w- c:\windows\system32\drivers\5927892.sys
2011-03-11 19:48:25 128016 ----a-w- c:\windows\system32\drivers\59278921.sys
2011-03-11 19:34:32 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-11 08:13:03 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37dab222-5880-4ca3-bd2b-4f84165c3d37}\mpengine.dll
2011-03-10 20:25:01 -------- d-----w- c:\program files\iPod
2011-03-10 20:25:00 -------- d-----w- c:\program files\iTunes
2011-03-09 19:28:59 -------- d-----w- c:\windows\system32\SPReview
2011-03-09 19:27:38 -------- d-----w- c:\windows\system32\EventProviders
2011-03-09 19:22:10 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-09 19:22:02 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-03-09 19:22:02 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:22:02 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-03-09 19:20:59 863744 ----a-w- c:\windows\system32\diagperf.dll
2011-03-09 19:19:59 46080 ----a-w- c:\windows\system32\RpcRtRemote.dll
2011-03-09 19:18:59 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-09 19:17:24 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-09 19:17:23 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-09 19:17:22 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-09 19:17:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-09 19:17:01 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-09 19:16:47 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-09 19:16:46 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-09 19:14:46 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-09 19:14:44 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-09 19:07:05 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-09 18:12:57 -------- d-----w- C:\9f9aab3e9d7d115327213aba3000777d
2011-03-09 12:21:07 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 12:21:07 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 12:21:07 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 12:21:05 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:21:05 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 12:21:05 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:21:05 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-03 20:22:34 -------- d-----w- c:\program files\Bonjour
2011-03-03 10:28:02 -------- d-----w- c:\users\genrose\appdata\roaming\SUPERAntiSpyware.com
2011-03-03 10:28:02 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-03 10:27:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-02 22:46:56 -------- d-----w- c:\users\genrose\DoctorWeb
2011-03-02 22:31:42 -------- d-----w- c:\users\genrose\appdata\roaming\Malwarebytes
2011-03-02 22:31:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 22:31:02 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-02 22:30:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 22:30:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 22:30:21 102400 ----a-w- c:\windows\RegBootClean.exe
2011-02-27 17:42:57 -------- d-----w- c:\users\genrose\appdata\local\ldoce5
2011-02-27 15:57:17 -------- d-----w- c:\users\genrose\appdata\roaming\ldoce5
2011-02-27 15:52:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-25 18:29:59 -------- d-----w- c:\users\genrose\appdata\local\Cooliris
2011-02-23 09:23:42 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 09:23:42 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 22:05:52 -------- d-----w- c:\users\genrose\appdata\local\cald3
2011-02-22 22:05:44 -------- d-----w- c:\users\genrose\appdata\roaming\cald3
2011-02-22 21:54:31 -------- d-----w- c:\program files\Cambridge
2011-02-21 15:57:12 -------- d-----w- c:\users\genrose\appdata\roaming\EnglishVocabularyInUse
2011-02-18 15:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-14 14:52:59 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
2011-02-11 18:40:22 -------- d-----w- C:\PFiles
2011-02-10 14:18:58 -------- d-----w- C:\838affbd79ed836a8815f206
2011-02-10 08:26:05 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 08:26:02 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 08:25:59 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 08:25:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 08:25:40 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-10 08:25:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 08:25:40 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 08:25:08 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-10 08:25:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 08:25:08 107520 ----a-w- c:\windows\system32\cdd.dll
.
==================== Find3M ====================
.
2011-03-09 19:47:16 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 20:38:26 165492 ----a-w- c:\windows\Video Cleaner Pro Uninstaller.exe
2011-01-01 10:43:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
.
============= FINISH: 9:26:19,82 ===============

**Maniac** · (This post was last modified: 12-03-2011 10:53 AM by Maniac.)

Hello renski! Welcome to Techmonkeys Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step if there is a problem somewhere, stop and tell me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something please ask.
Do not install or uninstall any software or hardware, while work on.
Keep me informed about any changes.
Post all of your log files, don't attach them.

Step 1

Go to Start => Run... and copy & paste next command in the field:

Code:

ComboFix /uninstall

Then hit Enter button.

This procedure will do the following:

Uninstall ComboFix
Delete its related folders and files
Reset your clock settings
Hide file extensions
Hide the system/hidden files
Resets System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update" tab and select Check for Updates.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

Malwarebytes' Anti-Malware log
a new fresh DDS log only

renski · 12-03-2011, 11:31 AM

Hello Borislav, thanks for your help.

Step 1: I unnistalled combofix
Step 2: Here is the log for Malwarebytes scan:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 6032

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12.3.2011 10:12:23
mbam-log-2011-03-12 (10-12-23).txt

Typ kontroly: Rychlý test
Testované objekty: 159191
Uplynulý čas: 6 minut, 24 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

and DDS report:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by GenRose at 10:29:50,29 on so 12.03.2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2046.1124 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GenRose\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\GenRose\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\programdata\langsoft\WebIE.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\programdata\langsoft\WebIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IME14 CHT Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\langsoft\WebIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\langsoft\WebIE.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 59278922;59278922 Boot Guard Driver;c:\windows\system32\drivers\59278922.sys [2011-3-11 37392]
R1 59278921;59278921;c:\windows\system32\drivers\59278921.sys [2011-3-11 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2010-11-30 268848]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2010-10-15 352304]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-1-21 59760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\ExpatTrayService.exe [2010-11-30 54516]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-10-27 72704]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-10-27 43904]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-10-19 722288]
S3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\drivers\vwmfbus.sys [2010-10-20 98560]
S3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\drivers\vwmfdiag.sys [2010-10-20 100224]
S3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\drivers\vwmfmdfl.sys [2010-10-20 14848]
S3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\drivers\vwmfmdm.sys [2010-10-20 123776]
S3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\drivers\vwmfserd.sys [2010-10-20 100224]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-19 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-03-12 07:53:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-12 07:53:29 -------- d-----w- c:\users\genrose\appdata\local\temp
2011-03-11 19:48:25 37392 ----a-w- c:\windows\system32\drivers\59278922.sys
2011-03-11 19:48:25 311312 ----a-w- c:\windows\system32\drivers\5927892.sys
2011-03-11 19:48:25 128016 ----a-w- c:\windows\system32\drivers\59278921.sys
2011-03-11 19:34:32 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-11 08:13:03 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{37dab222-5880-4ca3-bd2b-4f84165c3d37}\mpengine.dll
2011-03-10 20:25:01 -------- d-----w- c:\program files\iPod
2011-03-10 20:25:00 -------- d-----w- c:\program files\iTunes
2011-03-09 19:28:59 -------- d-----w- c:\windows\system32\SPReview
2011-03-09 19:27:38 -------- d-----w- c:\windows\system32\EventProviders
2011-03-09 19:22:10 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-09 19:22:02 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-03-09 19:22:02 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:22:02 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-03-09 19:20:59 863744 ----a-w- c:\windows\system32\diagperf.dll
2011-03-09 19:19:59 46080 ----a-w- c:\windows\system32\RpcRtRemote.dll
2011-03-09 19:18:59 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-09 19:17:24 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-09 19:17:23 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-09 19:17:22 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-09 19:17:22 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-09 19:17:01 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-09 19:16:47 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-09 19:16:46 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-09 19:14:46 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-09 19:14:44 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-09 19:07:05 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-09 18:12:57 -------- d-----w- C:\9f9aab3e9d7d115327213aba3000777d
2011-03-09 12:21:07 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 12:21:07 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 12:21:07 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 12:21:05 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:21:05 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 12:21:05 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:21:05 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-03 20:22:34 -------- d-----w- c:\program files\Bonjour
2011-03-03 10:28:02 -------- d-----w- c:\users\genrose\appdata\roaming\SUPERAntiSpyware.com
2011-03-03 10:28:02 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-03 10:27:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-02 22:46:56 -------- d-----w- c:\users\genrose\DoctorWeb
2011-03-02 22:31:42 -------- d-----w- c:\users\genrose\appdata\roaming\Malwarebytes
2011-03-02 22:31:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 22:31:02 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-02 22:30:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 22:30:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 22:30:21 102400 ----a-w- c:\windows\RegBootClean.exe
2011-02-27 17:42:57 -------- d-----w- c:\users\genrose\appdata\local\ldoce5
2011-02-27 15:57:17 -------- d-----w- c:\users\genrose\appdata\roaming\ldoce5
2011-02-27 15:52:46 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-25 18:29:59 -------- d-----w- c:\users\genrose\appdata\local\Cooliris
2011-02-23 09:23:42 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 09:23:42 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 22:05:52 -------- d-----w- c:\users\genrose\appdata\local\cald3
2011-02-22 22:05:44 -------- d-----w- c:\users\genrose\appdata\roaming\cald3
2011-02-22 21:54:31 -------- d-----w- c:\program files\Cambridge
2011-02-21 15:57:12 -------- d-----w- c:\users\genrose\appdata\roaming\EnglishVocabularyInUse
2011-02-18 15:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-14 14:52:59 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
2011-02-11 18:40:22 -------- d-----w- C:\PFiles
2011-02-10 14:18:58 -------- d-----w- C:\838affbd79ed836a8815f206
.
==================== Find3M ====================
.
2011-03-09 19:47:16 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-18 20:38:26 165492 ----a-w- c:\windows\Video Cleaner Pro Uninstaller.exe
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-01-01 10:43:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2010-12-17 07:07:55 542208 ----a-w- c:\windows\system32\kerberos.dll
.
============= FINISH: 10:30:42,37 ===============

**Maniac** · (This post was last modified: 12-03-2011 12:25 PM by Maniac.)

Step 1

Please download Rootkit Unhooker and save it to your desktop.

Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click Close
Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Step 2

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

Please go here then click on:
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Now click on Advanced Settings and select the following:

Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the[b] Online Scan will begin automatically.[/b]
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply, please post the following logs:

Rootkit Unhooker log
ESET Online Scanner log

renski · 12-03-2011, 12:41 PM

I can't download Rootkit Unhooker, it says: The selected attachment does not exist anymore.

**Maniac** · (This post was last modified: 12-03-2011 02:32 PM by Maniac.)

Sorry about that! Please use this link:
http://www.softpedia.com/dyn-postdownloa...19&t=4&i=1

renski · (This post was last modified: 12-03-2011 02:46 PM by renski.)

No problem ;-) So I've downloaded it and when clicked it says: Failed to enable debug privilege, not critical issue. and Error, load driver privilege not adjusted. I've tried to run it as administrator, it's initializing but then stops and says: Error loading driver, NTSTATUS code: C0000001

**Maniac** · 12-03-2011, 03:25 PM

Okay, go ahead with ESET Online Scanner.

renski · (This post was last modified: 13-03-2011 10:42 AM by renski.)

The problem was I didn't save it onto desktop. So then I worked and here is the report from Rootkit:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8EA28000 C:\Windows\system32\DRIVERS\59278921.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x8F41E000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 4456448 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.46 )
0x82E44000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82E44000 PnpManager 4268032 bytes
0x82E44000 RAW 4268032 bytes
0x82E44000 WMIxWDM 4268032 bytes
0x96DB0000 Win32k 2412544 bytes
0x96DB0000 C:\Windows\System32\win32k.sys 2412544 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x95A18000 C:\Windows\system32\DRIVERS\NETw3v32.sys 1839104 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x8928E000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x89006000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x82077000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88C2E000 PCI_PNP7769 995328 bytes
0x88C2E000 C:\Windows\System32\Drivers\spbo.sys 995328 bytes
0x88C2E000 sptd 995328 bytes
0x8F85E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F3B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.2 driver)
0x81E28000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x88AE0000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x95F12000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (IDT, Inc., IDT PC Audio)
0x9AE39000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A426000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, Zásobník protokolu HTTP)
0x88A00000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88B8B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x89173000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8CE4F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9AF5F000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9AF10000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8F96D000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88E16000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88D50000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x821A4000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x95EBD000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88A9E000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8CF29000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8944F000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8922B000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8203A000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x9A4F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8F915000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8CFB1000 C:\Windows\System32\Drivers\a29tuklu.SYS 229376 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x82E0D000 ACPI_HAL 225280 bytes
0x82E0D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88EF6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95E7B000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x894DB000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8CE1D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8941E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x95FB5000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88E76000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8F9B8000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x89496000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x89135000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x9AFD2000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x88DAB000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8EFA6000 C:\Windows\system32\DRIVERS\Apfiltr.sys 163840 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8EF7F000 C:\Windows\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0x88D2A000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8951E000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89269000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x88ECA000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A4D6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x95E0A000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8CF01000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9AEDA000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8EF48000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Ovladač rozhraní tunelového propojení Microsoft)
0x895BB000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89582000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F94E000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CEB0000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, Plánovač paketů technologie QoS)
0x96C40000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x81E00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A534000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8217A000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A4AB000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x95FE4000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8CF8B000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x95A00000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8EA00000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x95E2C000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x95E44000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95E5B000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x893E6000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x88EAB000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x89160000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82000000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CEDD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8EFCE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8EF69000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9A4C4000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8950D000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x81F14000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88F2A000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95F01000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88DD5000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88A85000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8CEF0000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8EFE0000 C:\Windows\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Expat Shield Routing Driver)
0x82194000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x894C3000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x821EA000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x88C00000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x95BE9000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8CFA3000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8CECF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x893D8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E68000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891D0000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x95EAF000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88C20000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x89543000 C:\Windows\system32\DRIVERS\59278922.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0x8F406000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x81EF3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F9E5000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x81EDC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8F9F2000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9AEFB000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x895DC000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8CF7F000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x89200000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x895AF000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88DEE000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x81F00000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x81FE9000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x89408000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8F413000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x95BDE000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88DA0000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Kořenový enumerátor virtuální jednotky)
0x81EE9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8CF74000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8CF6A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AED0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88EED000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9AFB0000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88EC1000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x81F0B000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x891DE000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9AFBF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x96C10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88D21000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88A96000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88DE6000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x894D3000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB7000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88D98000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x895E9000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x895F1000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x89400000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8948E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9AF08000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x895A8000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x88E61000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x895A1000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88EA4000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x95E72000 C:\Windows\system32\DRIVERS\taphss.sys 28672 bytes (AnchorFree Inc, TAP-Win32 Virtual Network Driver)
0x8CEA9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F400000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8CF23000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8EF7B000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9A567000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x95BF8000 C:\Windows\system32\DRIVERS\SFEP.sys 12288 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
0x95E79000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CF7E000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0x84E771F8 unknown_irp_handler 3592 bytes
0x84E751F8 unknown_irp_handler 3592 bytes
0x84E761F8 unknown_irp_handler 3592 bytes
0x8603D1F8 unknown_irp_handler 3592 bytes
0x860491F8 unknown_irp_handler 3592 bytes
0x85F501F8 unknown_irp_handler 3592 bytes
0x85E811F8 unknown_irp_handler 3592 bytes
0x84E731F8 unknown_irp_handler 3592 bytes
0x86CCA1F8 unknown_irp_handler 3592 bytes
0x85A46500 unknown_irp_handler 2816 bytes
0x8604C500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x9A595F2E Unknown thread object [ ETHREAD 0x87414D48 ] , 600 bytes
0x10000000 Hidden Image-->VAIOUpdt.exe.mui [ EPROCESS 0x877564A8 ] PID: 3868, 888832 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\$RECYCLE.BIN\S-1-5-21-182468245-3286027760-3580106056-1000\$RW6C25R\8R3yo7DG3dUsLhCOcl.exe
!-->[Hidden] C:\$RECYCLE.BIN\S-1-5-21-182468245-3286027760-3580106056-1000\$RW6C25R\RkUnhooker.chm
!-->[Hidden] C:\$RECYCLE.BIN\S-1-5-21-182468245-3286027760-3580106056-1000\$RW6C25R\uninstall.exe
!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C1FDB056-7265-4296-B526-A4AB5B596D86}
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Global_13238528_00.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Global_13238528_01.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Global_13238784_00.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Global_13238784_01.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Private_401412_00.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Private_401412_01.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Private_401412_02.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\Private_401412_03.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\Sqm\Upload\WSqmCons_00.sqm
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_31D9CBF8.exe_4b5c97f84bdc50dd5c92772a47ef13b694fac47_1533da98\Report.wer
!-->[Hidden] C:\ProgramData\Vertex Wireless\VW100 Connection Manager\Setting.ldb::$DATA
!-->[Hidden] C:\ProgramData\Vertex Wireless\VW100 Connection Manager\Setting.mdb::$DATA
!-->[Hidden] C:\ProgramData\Vertex Wireless\VW100 Connection Manager\VW.ldb::$DATA
!-->[Hidden] C:\ProgramData\Vertex Wireless\VW100 Connection Manager\VW.mdb::$DATA
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c8
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003cc
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003cd
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ce
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003cf
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d0
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d1
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d2
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d3
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d4
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d5
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d6
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d7
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d8
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d9
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003da
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003db
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003dc
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003dd
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003de
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003df
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e0
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e1
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e2
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e3
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e4
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e6
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e7
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e8
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003e9
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ea
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003eb
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ec
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ed
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ee
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ef
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f0
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f1
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f2
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f3
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f4
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f5
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f6
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f7
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f8
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003f9
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003fa
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003fc
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003fd
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003fe
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ff
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000400
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000401
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000402
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000403
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000404
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000405
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000406
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000407
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000408
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000409
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000410
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000411
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000412
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000415
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000416
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000417
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000418
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000420
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000421
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000422
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000423
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000424
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000425
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000426
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000427
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000428
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000429
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000430
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000431
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000432
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000433
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000434
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000435
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000436
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000437
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000438
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000439
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000440
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000441
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000442
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000443
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000444
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000445
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000446
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000447
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000448
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000449
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000450
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000451
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000452
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000453
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000454
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000455
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000456
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000457
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000458
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000459
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000460
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000461
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000462
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000463
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000464
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000465
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000466
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000467
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000468
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000469
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000470
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000471
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000472
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000473
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000474
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000475
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000476
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000477
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000478
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000479
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047c
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047d
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047e
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047f
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000480
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000481
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000482
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000483
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000484
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000485
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000486
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000487
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000488
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000489
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048a
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048b
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Current Session::$DATA
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\Current Tabs::$DATA
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C65.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C66.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C77.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C78.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C88.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C89.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C9A.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C9B.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9C9C.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9CAC.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9CAD.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9CBE.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\9CBF.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE5A.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE6A.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE6B.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE7C.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE7D.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE7E.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE8E.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EE8F.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EEA0.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EEA1.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EEA2.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EEB3.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\EEB4.tmp
!-->[Hidden] C:\Users\GenRose\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3TRM3VX6\p.iivt.com\iivt.swf\iivt.sol
!-->[Hidden] C:\Users\GenRose\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3TRM3VX6\static.xvideos.com\swf\xv-player.swf\hexaplayerPopUpCookie.sol
!-->[Hidden] C:\Users\GenRose\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3TRM3VX6\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol
!-->[Hidden] C:\Users\GenRose\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#p.iivt.com\settings.sol
!-->[Hidden] C:\Users\GenRose\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xvideos.com\settings.sol
!-->[Hidden] C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\f6f6b18368f227f79361a72c87b6ace8d8918a1f.HomeGroupClassifier\90b2784fe7702e6e6d6d4e31b2b7cdea\grouping\edb00149.log
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp\sqmdata00.sqm
==============================================
>Hooks
==============================================
ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x831961A0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x831961A4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x831961A8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atoi, Type: EAT modification 0x83198128-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atol, Type: EAT modification 0x8319812C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->bsearch, Type: EAT modification 0x83198130-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x831961AC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCoherencyFlushAndPurgeCache, Type: EAT modification 0x831961B0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x831961B4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x831961B8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWriteWontFlush, Type: EAT modification 0x831961BC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x831961C0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x831961C4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x831961C8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x831961CC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x831961D0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x831961D4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x831961D8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x831961DC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x831961E0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x831961E4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x831961E8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x831961EC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x831961F0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x831961F4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x831961F8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x831961FC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x83196200-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x83196204-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x83196208-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x8319620C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x83196210-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x83196214-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x83196218-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x8319621C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x83196220-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x83196224-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x83196228-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x8319622C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x83196230-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x83196234-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x83196238-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x8319623C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x83196240-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x83196244-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x83196248-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x8319624C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x83196250-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x83196254-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x83196258-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x8319625C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x83196260-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x83196264-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x83196268-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x8319626C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x83196270-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x83196274-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmKeyObjectType, Type: EAT modification 0x83196278-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x8319627C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmRegisterCallbackEx, Type: EAT modification 0x83196280-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmSetCallbackObjectContext, Type: EAT modification 0x83196284-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x83196288-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x8319628C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x83196290-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgCommandString, Type: EAT modification 0x83196294-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgkLkmdRegisterCallback, Type: EAT modification 0x831962B8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgkLkmdUnregisterCallback, Type: EAT modification 0x831962BC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x83196298-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x8319629C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x831962A0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x831962A4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x831962A8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x831962AC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x831962B0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgSetDebugPrintCallback, Type: EAT modification 0x831962B4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientQueryRuleState, Type: EAT modification 0x831962C0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleDeregisterNotification, Type: EAT modification 0x831962C4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleEvaluate, Type: EAT modification 0x831962C8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleRegisterNotification, Type: EAT modification 0x831962CC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmpProviderRegister, Type: EAT modification 0x831962E0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderDeregister, Type: EAT modification 0x831962D0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderDeregisterEntry, Type: EAT modification 0x831962D4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderRegister, Type: EAT modification 0x831962D8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderRegisterEntry, Type: EAT modification 0x831962DC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwActivityIdControl, Type: EAT modification 0x831962E4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwEnableTrace, Type: EAT modification 0x831962E8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwEventEnabled, Type: EAT modification 0x831962EC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwProviderEnabled, Type: EAT modification 0x831962F0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwRegister, Type: EAT modification 0x831962F4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwRegisterClassicProvider, Type: EAT modification 0x831962F8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwSendTraceBuffer, Type: EAT modification 0x831962FC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwUnregister, Type: EAT modification 0x83196300-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWrite, Type: EAT modification 0x83196304-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteEndScenario, Type: EAT modification 0x83196308-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteEx, Type: EAT modification 0x8319630C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteStartScenario, Type: EAT modification 0x83196310-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteString, Type: EAT modification 0x83196314-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteTransfer, Type: EAT modification 0x83196318-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireCacheAwarePushLockExclusive, Type: EAT modification 0x8319631C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x83196028-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x83196320-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x83196324-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x8319602C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAware, Type: EAT modification 0x83196030-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAwareEx, Type: EAT modification 0x83196034-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x83196038-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x83196328-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x8319632C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockExclusive, Type: EAT modification 0x83196330-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockExclusiveAtDpcLevel, Type: EAT modification 0x83196334-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockShared, Type: EAT modification 0x83196338-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockSharedAtDpcLevel, Type: EAT modification 0x8319633C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateCacheAwarePushLock, Type: EAT modification 0x83196340-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateCacheAwareRundownProtection, Type: EAT modification 0x83196344-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x83196348-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePool, Type: EAT modification 0x8319634C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x83196350-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x83196354-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x83196358-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x8319635C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x83196360-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExCreateCallback, Type: EAT modification 0x83196364-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeleteLookasideListEx, Type: EAT modification 0x83196368-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x8319636C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x83196370-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDeleteResourceLite, Type: EAT modification 0x83196374-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDesktopObjectType, Type: EAT modification 0x83196378-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x8319637C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireFastMutexUnsafe, Type: EAT modification 0x8319603C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceExclusive, Type: EAT modification 0x83196380-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceShared, Type: EAT modification 0x83196384-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireSharedWaitForExclusive, Type: EAT modification 0x83196388-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceExclusive, Type: EAT modification 0x8319638C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceShared, Type: EAT modification 0x83196390-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEnumHandleTable, Type: EAT modification 0x83196394-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExEventObjectType, Type: EAT modification 0x83196398-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExExtendZone, Type: EAT modification 0x8319639C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x83196094-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x83196098-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFetchLicenseData, Type: EAT modification 0x831963A0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x831960D0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x831960D4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x831960D8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x8319609C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x831960A0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x831960A4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x831960A8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x831960AC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x831960B0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x831960B4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFlushLookasideListEx, Type: EAT modification 0x831963A4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreeCacheAwarePushLock, Type: EAT modification 0x831963A8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreeCacheAwareRundownProtection, Type: EAT modification 0x831963AC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreePool, Type: EAT modification 0x831963B0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreePoolWithTag, Type: EAT modification 0x831963B4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x831963B8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfReleasePushLock, Type: EAT modification 0x831960B8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfReleasePushLockExclusive, Type: EAT modification 0x831960BC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfReleasePushLockShared, Type: EAT modification 0x831960C0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfTryAcquirePushLockShared, Type: EAT modification 0x831960C4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfTryToWakePushLock, Type: EAT modification 0x831960C8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExfUnblockPushLock, Type: EAT modification 0x831960CC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x831963BC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x831963C0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x831963C4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetLicenseTamperState, Type: EAT modification 0x831963C8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetPreviousMode, Type: EAT modification 0x831963CC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x831963D0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x831964B8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x831964BC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x831964C0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExiAcquireFastMutex, Type: EAT modification 0x831960DC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeLookasideListEx, Type: EAT modification 0x831963D4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x831963D8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x831963DC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializePushLock, Type: EAT modification 0x831963E0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeResourceLite, Type: EAT modification 0x831963E4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeRundownProtection, Type: EAT modification 0x83196040-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeRundownProtectionCacheAware, Type: EAT modification 0x831963E8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInitializeZone, Type: EAT modification 0x831963EC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x831963F0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x83196044-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedAddUlong, Type: EAT modification 0x831963F4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x83196048-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x831963F8-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x831963FC-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedExtendZone, Type: EAT modification 0x83196400-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedFlushSList, Type: EAT modification 0x8319604C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x83196404-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x83196408-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x8319640C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x83196410-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x83196050-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x83196414-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x83196054-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x83196418-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExiReleaseFastMutex, Type: EAT modification 0x831960E0-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x8319641C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x83196420-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x83196424-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExiTryToAcquireFastMutex, Type: EAT modification 0x831960E4-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x83196428-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExNotifyCallback, Type: EAT modification 0x8319642C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExQueryAttributeInformation, Type: EAT modification 0x83196430-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x83196434-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExQueueWorkItem, Type: EAT modification 0x83196438-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseAccessViolation, Type: EAT modification 0x8319643C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x83196440-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseException, Type: EAT modification 0x83196444-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseHardError, Type: EAT modification 0x83196448-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRaiseStatus, Type: EAT modification 0x8319644C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRegisterAttributeInformationCallback, Type: EAT modification 0x83196450-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRegisterCallback, Type: EAT modification 0x83196454-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExRegisterExtension, Type: EAT modification 0x83196458-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReinitializeResourceLite, Type: EAT modification 0x8319645C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x83196058-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReInitializeRundownProtectionCacheAware, Type: EAT modification 0x8319605C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseCacheAwarePushLockExclusive, Type: EAT modification 0x83196460-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x83196060-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, Type: EAT modification 0x83196064-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceAndLeaveCriticalRegion, Type: EAT modification 0x83196068-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceAndLeavePriorityRegion, Type: EAT modification 0x8319606C-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x83196464-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseResourceLite, Type: EAT modification 0x83196070-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseRundownProtection, Type: EAT modification 0x83196074-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAware, Type: EAT modification 0x83196078-->82E44000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExReleaseRundownProtectionCache

Then Eset online scanner has found 2 viruses but for some reason wouldn't show or save any log. I have no idea why, so I've written down the names: variant of win32/Keygen.AJ and variant of win32/Keygen.AG, both deleted and quarantined. Then I tried to perform second scan and suddently it finally showed the report. So here it is:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=4cad67ed18164c4e981822679786a20e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# u

**Maniac** · 13-03-2011, 11:24 AM

Your system seems to be clean. There were only key generators that contains malicious code. How are things there?