Old 4 Weeks Ago   #1
Tech Member
scrypt
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Default Still having issues after resolved Last HJT..

Hello all at PCHelp Forum.

It hasn't been that long since I had my last HJT File checked.

But I am having some real trouble with my laptop.

After doing all the suggestions from my last HJT logfile my laptop ran well for about 3 days, but after that time it has been getting worse and there are some unusual-looking processes running in my system.

I am having quite a few issues including not having uninstallation options for certain programs along with other problems.

I am not sure if maybe something might have been missed when we last tried to clean my pc.

Can somebody please take a good look at my new HJT logfile, please?

Also, could somebody please help me to remove all malware of ANY KIND and also help me to remove some of the troublesome programs!

I have posted my latest HJT L/File with this post.

Thanks

scrypt


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11:29, on 22/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\aestsrv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\mmc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [iolo FW Renewal] ipconfig /renew
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0C75AA-FE3D-4E8B-BC3A-B977B175ED9A}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9672 bytes

Old 4 Weeks Ago   #2
Tech Support Team
Crush
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Still having issues after resolved Last H

Hi Scrypt,

I'm Crush, the PCHF Security Team Leader, and I'll be helping you to remove your Malware. Before we begin there are some things that you should know:

1. We are all volunteer staff here at PCHF so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured, we will stay with you until you are completely disinfected.

4. Please do not run any tools or fixes unless asked to do so by myself or a member of the Security Team.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous. PCHF does not assume any responsibility for users that decide to do so.

6. If you have any questions or issues please stop and ask! We are all here to help.

With that out of the way:

Please review the link for Prework located in my signature. This will guide you through the tried and tested method for Malware Removal here at PCHF. Once you have read the thread in its entirety and anything linked from it, please download and run the requested programs and post back here with the logfiles generated and we'll go from there.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Old 4 Weeks Ago   #3
Tech Member
scrypt
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Default Re: Still having issues after resolved Last H

Hello Crush

Nice to speak to you again.

I am glad you are helping me.
Old 4 Weeks Ago   #4
Tech Member
scrypt
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Default Re: Still having issues after resolved Last H

I can run Rootrepeal and Securitycheck,

but I can't run DDS.src; it gives me this error:

C:\Users\Mark\Desktop\dds.src is not a valid Win32 application.

What should I do about this, Crush??
Old 4 Weeks Ago   #5
Tech Member
scrypt
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Default Re: Still having issues after resolved Last H

For some reason my system thinks DDs.src is a screen saver.

Here is the output from Rootrepeal :

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 15:41
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name:
Image Path: ti(0)disk(0)rdisk(0)partition(1)\Windows\
Address: 0x92B7D000 Size: 40960 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: 6
Image Path: 6
Address: 0x92A02000 Size: 548864 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: ccHP
Image Path: \Driver\ccHP
Address: 0x94A96000 Size: 520192 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x949AA000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x949B5000 Size: 40960 File Visible: No Signed: -
Status: -

Name: pctgntdi
Image Path: \Driver\pctgntdi
Address: 0x920D1000 Size: 223232 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: PctWfpFilter.sys
Image Path: \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys
Address: 0x91F00000 Size: 118784 File Visible: No Signed: -
Status: -

Name: PctWfpFilter.sys
Image Path: 2\drivers\PctWfpFilter.sys
Address: 0x92B6F000 Size: 53376 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA57E9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV
Image Path: \Driver\SASDIFSV
Address: 0x92AE4000 Size: 24576 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: SASKUTIL
Image Path: \Driver\SASKUTIL
Address: 0x92ABF000 Size: 151552 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: spqv.sys
Image Path: C:\Windows\System32\Drivers\spqv.sys
Address: 0x8268D000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 祔数
Image Path: 祔数
Address: 0x92B26000 Size: 296576 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: ��禂ᅇ
Image Path: ��禂ᅇ
Address: 0x92A9E000 Size: 57344 File Visible: No Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{07b8dd92-bfb9-11de-9418-002219dec3e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{07b8dd96-bfb9-11de-9418-002219dec3e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9c6fa8b0-bfbe-11de-9d85-002219dec3e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf 3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_ 1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91 .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6 bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578 ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.cr t_1fc8b3b9a1e18e3b_9.0.21022.8_none_750b37ff97f4f6 8b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7 ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_5 8843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c40 03bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.micros oft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_3da 38fdebd0e6822.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e0 53e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.open mp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218 504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcl oc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd 3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7a b8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.micros oft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_18f 8a87fd1919cd9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7 658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a1 4c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24a d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_81 8f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_919 3a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c1 1df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.cr t_1fc8b3b9a1e18e3b_9.0.30729.1_none_99b61f5e8371c1 d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a 2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_51 6953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b1 9c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4d dfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsof t.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031 cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_ 8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcl oc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e1 6e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.open mp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547 f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e 0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25 f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6 bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcl oc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf1783 1d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0 efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef 17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microso ft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6 920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c 6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.open mp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e50 7087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_ 1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76 806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5d f56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microso ft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5 dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8 f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af 1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005 _none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005 _none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a25 4f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_non e_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_non e_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_non e_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_non e_2be9bd5af4bd3b16\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_non e_2d991295d888a8b3\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.1 8005_none_b5c807ab2d93d829\SYSTEM~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.1 8005_none_b5c807ab2d93d829\System Performance.xml:0v1ieca3Feahez0jAwxjjk5uRh
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.1 8005_none_b5c807ab2d93d829\System Performance.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_ none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6002.18005_none_fe396815d7e3cf11\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18828_none_df29752df0984135\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be5\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde48886\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a0199\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22918_none_dfbde1e509adc50e\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_bd4ece0e1eaaafd1\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\SYSTEM~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\System Performance.xml:0v1ieca3Feahez0jAwxjjk5uRh
Status: Invisible to the Windows API!

Path: C:\Windows\PLA\System\System Performance.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Invisible to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\Scm\SCM.EVM
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\Logs\WMITracing.log
Status: Locked to the Windows API!

Path: C:\Windows\temp\IswTmp\Logs\ISWSHEX.swl
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: c:\programdata\norton\00000082\00000109\000003c3\cltlms1.dat
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\programdata\norton\00000082\00000109\000003c3\cltlms2.dat
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\logs\dadown.dat
Status: Allocation size mismatch (API: 12288, Raw: 8192)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Users\Mark\AppData\Local\temp\IswTmp\Logs\ISWSHEX.swl
Status: Locked to the Windows API!

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Gmx.co (mar cf\Inbox\60916D~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Gmx.co (mar cf\Inbox\33025B~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\m.a.r.k@sky.com (2)\Inbox\7F967F~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.ci
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.dir
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Storage Folders (5)\Recovered items\10-15-2009 823\mark.hogan@ d0a\Inbox\30EF68~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Storage Folders (5)\Recovered items\10-15-2009 823\Storage Fol 43b\Recovered items\10-12-2009 823\mark.hogan@ 47d\

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1260 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x885b4048

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x88592048

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x88827a30

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2e08c

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2e95c

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8872c048

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2dae2

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f2643a

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e45a90

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x888558e8

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2e5ec

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e41f54

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e4237c

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e4a354

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x888552f0

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8884e648

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2e74a

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x886d3048

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f26586

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29a36

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29a68

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e40d92

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x88827890

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x88646048

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x88607048

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e20386

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e47e70

#: 167 Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e480ae

#: 168 Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e48560

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e4a710

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8862cc10

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f264ea

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e43fac

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x87a3d068

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x88680048

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x88827c58

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e571f4

#: 252 Function Name: NtQueryValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29b3c

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29aa6

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29ad8

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2d67a

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f29b0a

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8852b108

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e2ddae

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x87a39df8

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f265e6

#: 304 Function Name: NtSetInformationObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e570b8

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x88827658

#: 314 Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e4987e

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e1fa40

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x93f299d6

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x88652048

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x87a42120

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e43078

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e42da8

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x88522108

#: 342 Function Name: NtUnloadDriver
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e207d8

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x87a40270

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88827960

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x888553c0

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x93e427f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x855251f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x855231f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_CREATE]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_CLOSE]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_READ]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_WRITE]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_SHUTDOWN]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_POWER]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: cdrom虙➴舑Ѕ䑎䵃, IRP_MJ_PNP]
Process: System Address: 0x866db1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_CREATE]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_CLOSE]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_POWER]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci牃Џ䅓䍓, IRP_MJ_PNP]
Process: System Address: 0x8659d1f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_CREATE]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_CLOSE]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_CLEANUP]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: Smb前Ѕ瑎硦, IRP_MJ_PNP]
Process: System Address: 0x86d101f8 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_CREATE]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_CLOSE]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_CLEANUP]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: netbt蛏, IRP_MJ_PNP]
Process: System Address: 0x86b41500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_CREATE]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_CLOSE]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_POWER]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄謅㞸賋, IRP_MJ_PNP]
Process: System Address: 0x866bb1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x855211f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8659e1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x855241f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x855241f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x855241f8 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_CREATE]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_CLOSE]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_READ]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_WRITE]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_QUERY_EA]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SET_EA]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_CLEANUP]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_POWER]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: mrxsmb䝘褎Б浍慃섨괷, IRP_MJ_PNP]
Process: System Address: 0x86541500 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_CREATE]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_CLOSE]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_READ]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_WRITE]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_CLEANUP]
Process: System Address: 0x897101f8 Size: 121

Object: Hidden Code [Driver: cdfsЈ䑎䵃0, IRP_MJ_PNP]
Process: System Address: 0x897101f8 Size: 121

==EOF==
Old 4 Weeks Ago   #6
scrypt
Tech Member
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Re: Still having issues after resolved Last H

Here is the output from SecurityCheck:

Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
ZoneAlarm Pro
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
CA Yahoo! Anti-Spy (remove only)
Spy Sweeper Core
SUPERAntiSpyware Professional
Secunia PSI
Sophos Anti-Rootkit 1.5.0
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Zone Labs ZoneAlarm zlclient.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
Old 4 Weeks Ago   #7
scrypt
Tech Member
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Re: Still having issues after resolved Last H

I also noticed this from my SecurityCheck report:

Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
ZoneAlarm Pro
Antivirus up to date! (On Access scanning disabled!)


At the bottom it states that On Access scanning is disabled.

This is NOT the case; my Norton IS 2010 says that on access scanning is turned on!