by Jacob A » December 26th, 2010, 10:00 am
Hello deltalima, removed the programs and here you have the log!
Had to delete the files text content since: "Your message contains 438222 characters. The maximum number of allowed characters is 100000."
All of them were hidden files in the World of Warcraft folder.
RkU Scan:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB3129000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5894144 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xA1F16000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5226496 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBD241000 C:\WINDOWS\System32\ati3duag.dll 3985408 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBD60E000 C:\WINDOWS\System32\ativvaxx.dll 2670592 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT:s kernel och system)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)
0xB7EAE000 PCI_PNP1272 1019904 bytes
0xB7EAE000 spgv.sys 1019904 bytes
0xB7EAE000 sptd 1019904 bytes
0xBD060000 C:\WINDOWS\System32\ati2cqag.dll 765952 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBD11B000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB7CDB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBD1CA000 C:\WINDOWS\System32\atiok3x2.dll 487424 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xA1D5B000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAE454000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA1E66000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9DD9F000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9D8B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAE52D000 C:\WINDOWS\System32\Drivers\ao7imjj1.SYS 233472 bytes (Promise Technology, Inc., Promise FastTrak TX4650/2650 Driver for Windows family)
0xB7DC4000 FTT3.sys 221184 bytes (Promise Technology, Inc., Promise FastTrak TX4650/2650 Driver for Windows family)
0xAE4D5000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7E68000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-drivrutin för NT)
0x9E104000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7CAE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x991F5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA1DCB000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAE566000 C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys 172032 bytes (D-Link Corporation, NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter)
0xAE5B4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA1E3E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9D513000 C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys 159744 bytes (Norman ASA, NVC MiniFilter)
0xB7E12000 dmio.sys 155648 bytes (Microsoft Corporation, Veritas Software, I/O-drivrutin för NT-diskhanterare)
0xA1E18000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA1EF2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAE590000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAE4B2000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA1DF6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9DC16000 C:\Program\CyberLink\PowerDVD8\000.fcl 135168 bytes (Cyberlink Corp., FCL Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7DA4000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7E38000 ftdisk.sys 126976 bytes (Microsoft Corporation, Drivrutin för FT Disk)
0xB7C94000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7DFA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA1D1B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7E96000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7D7B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAE516000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9DFFF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9D487000 C:\Program\MSI\DualCoreCenter\RushTop.sys 81920 bytes (Your Corporation, Description string for RushTop driver)
0xAE5DC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1EBF000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7D68000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7D92000 sr.sys 73728 bytes (Microsoft Corporation, Filterdrivrutin för Systemåterställning)
0xB7E57000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)
0xAE505000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB2A7B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82A8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8218000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8298000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Seriell drivrutin)
0xB8178000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xB24D4000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8238000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB82C8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Drivrutin för Redbook-ljudfilter)
0x9E0BC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8268000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB82D8000 C:\WINDOWS\System32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xB8108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB2818000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Drivrutin för i8042 Port)
0xB3758000 C:\Norman\Ngs\Bin\nprosec.sys 53248 bytes (Norman ASA, Norman Process Security Driver)
0xAE64E000 C:\Program\MSI\DualCoreCenter\NTGLM7X.sys 53248 bytes (MICRO-STAR INT'L CO., LTD., NTGLM7X.sys)
0xB2848000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Drivrutin för ögonblicksbilder av volymer)
0xB81F8000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB8198000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB24B4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Drivrutin för FIPS-krypto)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB2838000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bussdrivrutin)
0xB8228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB81D8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB2E51000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB81E8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB2494000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9D609000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8258000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8430000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83C0000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB12AD000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)
0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB16CA000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xAE6D6000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Musklassdrivrutin)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xB84B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8348000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xAE6EE000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB8480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB1D43000 c:\norman\ngs\bin\ngs.sys 20480 bytes (Norman ASA, Norman General Security Driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xAE716000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xAE6F6000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xAE6E6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB1D3B000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8400000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9E155000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0x9BE36000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB85A4000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA1BE2000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB857C000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2DF5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7C54000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB12E7000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)
0xA18A2000 C:\Norman\Nse\bin\NDISKIO.SYS 12288 bytes (Norman ASA, Low-level disk I/O driver for Windows NT)
0xB38AB000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8588000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8558000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB861E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8668000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB861C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8620000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8662000 C:\WINDOWS\nvoclock.sys 8192 bytes (NVidia Corp., NVidia System Utility Driver)
0xB8624000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB8612000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8614000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0xB171F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB2E14000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAE72B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)
0x8A8DE1F8 unknown_irp_handler 3592 bytes
0x8A8DF1F8 unknown_irp_handler 3592 bytes
0x8A8E01F8 unknown_irp_handler 3592 bytes
0x8A9541F8 unknown_irp_handler 3592 bytes
0x8A498470 unknown_irp_handler 2960 bytes
0x8A4CB470 unknown_irp_handler 2960 bytes
0x8A492470 unknown_irp_handler 2960 bytes
0x8A494470 unknown_irp_handler 2960 bytes
0x8A48C470 unknown_irp_handler 2960 bytes
0x8A507470 unknown_irp_handler 2960 bytes
0x8A4DF470 unknown_irp_handler 2960 bytes
==============================================
>Stealth
==============================================
0x06490000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 102400 bytes
0x07120000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 102400 bytes
0x01010000 Hidden Image-->CLI.Component.Eeu.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1069056 bytes
0x01230000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x05090000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x06320000 Hidden Image-->Branding.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x00D20000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 118784 bytes
0x03890000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 118784 bytes
0x06DE0000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1232896 bytes
0x049E0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 167936 bytes
0x068A0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1748992 bytes
0x07520000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 192512 bytes
0x06130000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 208896 bytes
0x06A50000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 217088 bytes
0x070D0000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 282624 bytes
0x012C0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 28672 bytes
0x03600000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89D08568 ] PID: 1152, 28672 bytes
0x01220000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x01250000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04140000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04450000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x043F0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04410000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04430000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04580000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x045A0000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A20000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A50000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A60000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A90000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04BC0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04F40000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05000000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05100000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x051A0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05320000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x052C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05380000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05360000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05390000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x053F0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05410000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05470000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05530000 Hidden Image-->atixclib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05A60000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05A90000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05D00000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05CF0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05E30000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06070000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06060000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x060C0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06100000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06350000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x065C0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06F10000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x03CA0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 36864 bytes
0x01150000 Hidden Image-->CLI.Aspect.MultiVPU4.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x01170000 Hidden Image-->CLI.Aspect.ALICrossfire.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x01190000 Hidden Image-->CLI.Aspect.PowerXpress.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x038D0000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x03990000 Hidden Image-->AxInterop.WBOCXLib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x03A60000 Hidden Image-->Interop.WBOCXLib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x041B0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04F50000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04FE0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04FF0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05020000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05160000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05150000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05A50000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x06080000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x060A0000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x071B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 389120 bytes
0x04960000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 397312 bytes
0x07140000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 405504 bytes
0x07220000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 405504 bytes
0x05FF0000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 413696 bytes
0x06540000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 421888 bytes
0x07010000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 421888 bytes
0x01220000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x01290000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x03C90000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x00D20000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x01210000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x01290000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04150000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04F80000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04F90000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x045B0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 462848 bytes
0x03C30000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x041A0000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04400000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04570000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F10000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x05190000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x052F0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x05EE0000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x06340000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x07290000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 585728 bytes
0x05E40000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 593920 bytes
0x03C20000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x04FD0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x053D0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x052B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x053A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
0x07570000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 684032 bytes
0x038B0000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x03BF0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x052D0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x05A70000 Hidden Image-->APM.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x07550000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x06260000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 749568 bytes
0x012A0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 77824 bytes
0x01260000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x04FB0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x050B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x050D0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05130000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05330000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x06110000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05050000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x05170000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x060E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x07410000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 888832 bytes
0x04180000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 94208 bytes
0x05030000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 94208 bytes
==============================================
>Files
==============================================
Deleted.
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D53C, Type: Inline - RelativeJump 0x8050453C-->805044F7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->8050483F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D8D4, Type: Inline - RelativeJump 0x805048D4-->8050488F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1220]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1256]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]
[1256]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1256]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1256]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1256]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1256]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C114B0-->00000000 [shimeng.dll]
[1256]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AA109C-->00000000 [shimeng.dll]
[1508]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->00000000 [xul.dll]