Post #1, Jul 3 2009, 09:57 AM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
This is my first post, and I'm not too sure what my next step should be... The problem started yesterday, and I suspect it's related to a virus that was supposedly removed by AVG. Here's what's going on:
- Windows Explorer crashes every 3 seconds; it restarts, then the message box pops up again
- Right after that message comes up (on startup), my laptop claims run32dll.exe has stopped working
- Other programs seem to be going wonky: I've seen Windows Defender message, Synaptics [I think it's the mouse pad on my laptop], Windows Task Scheduler, etc.
- I've run AVG scan, 6 threats were found, along with tracking cookies... removed all of it.
- I tried opening HiJack This, but it won't open either.
- No Uninstall option in Remove A Program.
I have no idea what to do next. Everyone always asks for a HiJack This log, but how do I run it if it won't open?
Other things that may help:
- I'm a noob with computers
- I'm running Vista Home Premium
- I'm using an HP Pavilion laptop
- 3 GB Ram
- 220 GB HDD
- I'll give other details if needed and I'll respond quickly
Please help, and many thanks in advance.
Justin

Post #2, Jul 3 2009, 11:32 AM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
Let's try this...
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

--------------------
"In a world where you can be anything, be yourself." ~ unknown
Become a BleepingComputer fan: Facebook

Post #3, Jul 6 2009, 02:52 PM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Alright, here are the results:

SmitFraudFix v2.423
Scan done at 15:45:59.93, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrator

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\ADMINI~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 85.255.112.112
DNS Server Search Order: 85.255.112.212

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

DNS Hijack? That's bad, right? How do I fix? Thanks.

Post #4, Jul 6 2009, 02:59 PM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
Part II
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report. The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

Post #5, Jul 6 2009, 04:22 PM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Crud, I had already cleaned before you asked me to, and in normal mode :|

Here's the normal mode results:

SmitFraudFix v2.423
Scan done at 16:28:37.80, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

And the safe mode:

SmitFraudFix v2.423
Scan done at 16:53:02.70, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks again for the help, and I hope I didn't screw up the process by cleaning in normal mode.
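The two SmitfraudFix reports above (post #3 before cleaning, post #5 after) show the three sections worth checking by hand whenever a "not inevitably infected" warning appears: the resolver addresses written into the Tcpip interface keys, the Winlogon Userinit value, and AppInit_DLLs. The script below is an added example written for this thread; it is not SmitfraudFix code and not something the helper posted. The two report excerpts are constructed from the lines quoted in the thread. It generalises the tool's hard-coded 85.255.x.x check to "any public resolver that is not on an explicit trusted list", and the trusted list and the set of AppInit DLLs treated as known-good (here AVG's avgrsstx.dll, as seen in the report) are assumptions of the example.

```python
"""Triage of the DNS / Winlogon / AppInit_DLLs sections of a SmitfraudFix-style
report. Added example for this thread, not SmitfraudFix code. The trusted
resolver list and the known-good AppInit DLL set are assumptions."""
import ipaddress
import re

# Constructed excerpt modelled on the report in post #3 (before cleaning).
# Regedit-style lines keep their doubled backslashes, as the tool prints them.
REPORT_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 85.255.112.112
DNS Server Search Order: 85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
"""

# Constructed excerpt modelled on the report in post #5 (after cleaning):
# only the router's DHCP-supplied address remains and the static value is empty.
REPORT_AFTER = r"""
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=
"""

NAMESERVER_RE = re.compile(r"NameServer=([0-9.,]*)")   # also matches DhcpNameServer=
SEARCH_ORDER_RE = re.compile(r"DNS Server Search Order:\s*([0-9.]+)")
USERINIT_RE = re.compile(r'"Userinit"="([^"]*)"')
APPINIT_RE = re.compile(r'"AppInit_DLLs"="([^"]*)"')

# Regedit-escaped form, exactly as it appears in a clean report.
EXPECTED_USERINIT = r"C:\\Windows\\system32\\userinit.exe,"
# Assumption for the example: AVG 8's resident shield is the only AppInit DLL expected here.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}


def dns_servers(report):
    """Every resolver address named anywhere in the report, de-duplicated and sorted."""
    found = set()
    for m in NAMESERVER_RE.finditer(report):
        found.update(s for s in m.group(1).split(",") if s)
    for m in SEARCH_ORDER_RE.finditer(report):
        found.add(m.group(1))
    return sorted(found)


def is_suspicious_resolver(addr, trusted=()):
    """A resolver is acceptable if it is on the local network or explicitly trusted."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private or ip.is_loopback:
        return False
    return ip not in {ipaddress.ip_address(t) for t in trusted}


def triage(report, trusted_dns=()):
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    for addr in dns_servers(report):
        if is_suspicious_resolver(addr, trusted_dns):
            findings.append(f"DNS: resolver {addr} is a public address not on the trusted list")
    for m in USERINIT_RE.finditer(report):
        if m.group(1).lower() != EXPECTED_USERINIT.lower():
            findings.append(f"Winlogon: Userinit is {m.group(1)!r}, expected {EXPECTED_USERINIT!r}")
    for m in APPINIT_RE.finditer(report):
        for dll in filter(None, re.split(r"[ ,]+", m.group(1))):
            if dll.lower() not in KNOWN_APPINIT_DLLS:
                findings.append(f"AppInit_DLLs: unrecognised module {dll}")
    return findings


if __name__ == "__main__":
    for label, text in (("before", REPORT_BEFORE), ("after", REPORT_AFTER)):
        print(f"--- {label} cleaning ---")
        for line in triage(text) or ["no findings"]:
            print(line)
```

Run against the "before" excerpt it reports both 85.255.112.x resolvers and nothing else, because Userinit and AppInit_DLLs in that report are the normal Vista value and AVG's module; against the "after" excerpt it reports nothing, since 192.168.0.1 is the router. The reason to inspect every Tcpip key rather than just the adapter in use is visible in post #3: the rogue servers were written into the adapter keys, the global Parameters key, and both ControlSet backups (CS1, CS2), so a fix that touched only the current adapter would be undone by a restore to a previous configuration.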

Post #6, Jul 6 2009, 07:36 PM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
That's ok... The program can run in normal mode, it is just more effective in safe mode.

A couple of scans now...

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next

Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link
DO NOT use yet.

Please download and install SUPERAntiSpyware Free

Double-click ATF-Cleaner.exe to run the program.
ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:

Post #7, Jul 7 2009, 08:34 AM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
K, before I continue, let me make sure I'm doing this right... I already had Malware Bytes, didn't work before, so I reinstalled from the links you posted. Still doesn't work. Even if I run as Administrator, there's a message that always pops up saying the program has stopped working. When I run in normal mode, nothing happens at all. So what's next? Just skip that step? Or is it essential to run that step? Oh, and by the way, I managed to get a HiJack This log if it helps (someone told me to run RSIT, and it worked)... I also have DDS logs. Should I just focus on those, or keep following your steps first?
Thanks a lot, again... You don't realize how happy I'll be if I fix this thing.

PS: In a log (I think from RSIT), it showed recently changed files in the past 30 days... I know my computer started acting up on July 2nd, when I downloaded malicious software. Is it a good idea to look for the created files and delete the ones that don't make sense (from that day)?

PPS: There was a folder created named C:\RECYCLER\ along with the virus, but I can't even find it... Does that make sense? And one more thing: does the fact that I can't burn stuff to a DVD have to do with a virus?

Post #8, Jul 7 2009, 08:58 AM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
The things you mention do make sense. We cannot work HJT or RSIT logs in this area of the forums. If you would like, we can move you to the HJT forums where they can use the more advanced tools. Just let me know.

Locate MBAM.exe and rename it to winlogon.exe and see if that will allow Malwarebytes to run. Take a look here for more info: Malwarebytes topic

Continue with SAS if Malwarebytes still will not run. Thanks!

Post #9, Jul 7 2009, 09:05 AM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Update: got Malwarebytes working.. Changed name to winlogon.exe... But as with 2 other antivirus programs, the scan freezes as soon as it hits c:\windows\system32\config\software... Is there a way to fix that?
Thanks again.

Post #10, Jul 7 2009, 09:35 AM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
Try running Malwarebytes in Safe Mode

Post #11, Jul 7 2009, 09:42 PM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Alright, did both... Sorry, I think I get what's next, but not sure... I just copy and paste the Malware Bytes log in a new reply? That all?

Post #12, Jul 7 2009, 10:24 PM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
That's it

Post #13, Jul 7 2009, 10:29 PM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Alrighty, here goes:
Malwarebytes' Anti-Malware 1.38
Database version: 2385
Windows 6.0.6001 Service Pack 1

06/07/2009 10:50:42 PM
mbam-log-2009-07-06 (22-50-42).txt

Scan type: Quick Scan
Objects scanned: 94646
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.

In case you gotta know, SUPERAntiSpyware coughed up 55 threats... 41 adwares and 14 Trojan somethings.. system/NS or something. 12 of the trojans in registry, 2 in files.. The 2 files had infiltrated the registry, causing the 12 others, I'm assuming.

Thanks a lot man...

Post #14, Jul 7 2009, 11:27 PM
BC 1st Responder, Group: Global Moderator, Posts: 9,962, Joined: 21-October 04, From: South Carolina - USA, Member No.: 3,905
Install RootRepeal
Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan.
A Window will open asking what to include in the scan. Check the following items:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
Click OK
Scan your C Drive (Or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient.
When the scan completes, click Save Report. Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.
Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Post #15, Jul 8 2009, 09:59 AM
Member, Group: Members, Posts: 24, Joined: 3-July 09, Member No.: 347,880
Scan completed with these results:
ROOTREPEAL © AD, 2007-2009 ================================================== Scan Time: 2009/07/08 10:30 Program Version: Version 1.3.0.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_ahcix86s.sys Image Path: C:\Windows\System32\Drivers\dump_ahcix86s.sys Address: 0xA054A000 Size: 262144 File Visible: No Signed: - Status: - Name: dump_diskdump.sys Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys Address: 0xA0540000 Size: 40960 File Visible: No Signed: - Status: - Name: MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys Image Path: C:\Windows\system32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys Address: 0x9F64B000 Size: 180224 File Visible: - Signed: - Status: Hidden from Windows API! Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xB0DCF000 Size: 49152 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: spvx.sys Image Path: C:\Windows\System32\Drivers\spvx.sys Address: 0x80600000 Size: 1052672 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\Avenger\MSIVXcount Status: Invisible to the Windows API! Path: C:\Windows\System32\MSIVXcount Status: Invisible to the Windows API! Path: C:\Windows\System32\MSIVXqxeiuktudskouqxygaadmyfpuchqnpln.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\MSIVXtwqekcuplateiepneomwtxrejgxxysko.dll Status: Invisible to the Windows API! Path: C:\Windows\System32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys Status: Invisible to the Windows API! Path: C:\Windows\System32\drivers\MSIVXviveqpttwqypstjufbmurpwplvxsyekq.sys Status: Invisible to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac53 5\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a2 8\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d 6\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae 9\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496 \SMTPSE~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989 \SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \DEBUGA~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137 \SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a \SMTPSE~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_bf5d932d312ea83f\$$DeleteMe.mscorjit.dll.01c9f918fe4fc34e.0000
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~1.GIF
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~2.GIF
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\ASPX_F~1.GIF
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBAD

Processes
-------------------
Path: System
PID: 4
Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1444
Status: Locked to the Windows API!

SSDT
-------------------
#: 013    Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x889d6110

#: 014    Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x889d01e8

#: 018    Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a6fb18

#: 021    Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x88869da0

#: 042    Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x889c98e8

#: 067    Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8941d680

#: 072    Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac52282

#: 073    Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac52474

#: 077    Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x89421f60

#: 078    Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x889d2390

#: 116    Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x889c8b18

#: 129    Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x88a60df0

#: 147    Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a66b30

#: 156    Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x88a71120

#: 158    Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x88a70108

#: 165    Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88869d28

#: 177    Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x88a69360

#: 184    Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x88a8b108

#: 194    Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadc90

#: 195    Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x88997a00

#: 197    Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89433658

#: 201    Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadd7e

#: 210    Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89421808

#: 282    Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x889b9ad0

#: 289    Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x889d04c8

#: 305    Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x88a69128

#: 317    Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x894366b8

#: 330    Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x889bb128

#: 331    Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x889a04b0

#: 334    Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa003fdf0

#: 335    Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadec4

#: 348    Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x889ce248

#: 358    Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a65480

#: 382    Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x894201d8

#: 383    Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac5267c

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXqxeiuktudskouqxygaadmyfpuchqnpln.dll]
Process: svchost.exe (PID: 804)    Address: 0x10000000    Size: 53248

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1172)    Address: 0x00db0000    Size: 8192

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1172)    Address: 0x010c0000    Size: 323584

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1172)    Address: 0x01b00000    Size: 323584

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1172)    Address: 0x70560000    Size: 8192

Object: Hidden Module [Name: tquery.dll]
Process: svchost.exe (PID: 1172)    Address: 0x70e50000    Size: 1589248

Object: Hidden Module [Name: profsvc.dll]
Process: svchost.exe (PID: 1172)    Address: 0x72fb0000    Size: 163840

Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1172)    Address: 0x750a0000    Size: 258048

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 4456)    Address: 0x73ca0000    Size: 20480

Object: Hidden Module [Name: MSIVXtwqekcuplateiepneomwtxrejgxxysko.dll]
Process: firefox.exe (PID: 4516)    Address: 0x10000000    Size: 237568

Object: Hidden Code [ETHREAD: 0x85581570]
Process: System    Address: 0x8ba104a0    Size: 2912

Object: Hidden Code [ETHREAD: 0x855cb2d8]
Process: System    Address: 0x855cb4cc    Size: 2776

Object: Hidden Code [ETHREAD: 0x855cc020]
Process: System    Address: 0xa6a973f0    Size: 3088

Object: Hidden Code [ETHREAD: 0x855ccd78]
Process: System    Address: 0x815d2bf0    Size: 2

Object: Hidden Code [ETHREAD: 0x855ccad0]
Process: System    Address: 0xbc380410    Size: 3061

Object: Hidden Code [ETHREAD: 0x855cc2d8]
Process: System    Address: 0x8140d290    Size: 3445

Object: Hidden Code [ETHREAD: 0x8901f408]
Process: System    Address: 0xf365f530    Size: 2768

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x863931f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System    Address: 0x87c831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CREATE]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CLOSE]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_POWER]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_PNP]
Process: System    Address: 0x863831f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CREATE]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CLOSE]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_POWER]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_PNP]
Process: System    Address: 0x8637b1f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]
Process: System    Address: 0x863801f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System    Address: 0x863711f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CREATE]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CLOSE]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_POWER]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_PNP]
Process: System    Address: 0x863881f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CREATE]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CLOSE]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_POWER]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_PNP]
Process: System    Address: 0x863841f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CREATE]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CLOSE]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_POWER]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_PNP]
Process: System    Address: 0x863761f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CREATE]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CLOSE]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_POWER]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_PNP]
Process: System    Address: 0x8637c1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CREATE]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CLOSE]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_POWER]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_PNP]
Process: System    Address: 0x8638a1f8    Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CREATE]
Process: System    Address: 0x863861f8    Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CLOSE]
Process: System    Address: 0x863861f8    Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x863861f8    Size: 121

Object: Hidden Code [Driver: Mraid35x,
IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863861f8 Size: 121 Object: Hidden Code [Driver: Mraid35x, IRP_MJ_POWER] Process: System Address: 0x863861f8 Size: 121 Object: Hidden Code [Driver: Mraid35x, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863861f8 Size: 121 Object: Hidden Code [Driver: Mraid35x, IRP_MJ_PNP] Process: System Address: 0x863861f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_CREATE] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_CLOSE] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_POWER] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: adpu320, IRP_MJ_PNP] Process: System Address: 0x8637a1f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x863721f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CREATE] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CLOSE] Process: System Address: 0x8638b1f8 
Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_POWER] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_PNP] Process: System Address: 0x8638b1f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_CREATE] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_CLOSE] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_POWER] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: adpahci, IRP_MJ_PNP] Process: System Address: 0x863781f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_CREATE] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_CLOSE] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_POWER] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: iirsp, IRP_MJ_PNP] Process: System Address: 0x8637f1f8 Size: 121 Object: Hidden Code [Driver: 
ql40xx, IRP_MJ_CREATE] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_CLOSE] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_POWER] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: ql40xx, IRP_MJ_PNP] Process: System Address: 0x863891f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_CREATE] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_CLOSE] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_POWER] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: uliahci, IRP_MJ_PNP] Process: System Address: 0x8638f1f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_CREATE] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_CLOSE] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_POWER] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, 
IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_PNP] Process: System Address: 0x87c161f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CREATE] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CLOSE] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_POWER] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: Symc8xx, IRP_MJ_PNP] Process: System Address: 0x8638c1f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_CREATE] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_CLOSE] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_POWER] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: nfrd960, IRP_MJ_PNP] Process: System Address: 0x863871f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CREATE] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CLOSE] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System 
Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_POWER] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: LSI_FC, IRP_MJ_PNP] Process: System Address: 0x863821f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP] Process: System Address: 0x863791f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CREATE] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CLOSE] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_POWER] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Sym_u3, IRP_MJ_PNP] Process: System Address: 0x8638e1f8 Size: 121 Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CREATE] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CLOSE] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code 
[Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CLEANUP] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_PNP] Process: System Address: 0x889471f8 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_CREATE] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_CLOSE] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_CLEANUP] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: netbt衶, IRP_MJ_PNP] Process: System Address: 0x889cf500 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_CREATE] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_CLOSE] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_POWER] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: UlSata, IRP_MJ_PNP] Process: System Address: 0x863901f8 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_CREATE] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_CLOSE] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, 
IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_POWER] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: iScsiPrtП牄㞀讦赫, IRP_MJ_PNP] Process: System Address: 0x87d56500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x87c141f8 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_CREATE] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_CLOSE] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_POWER] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87d012e0 Size: 121 Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_PNP] Process: System Address: 0x87d012e0 
Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_CREATE] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_CLOSE] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_POWER] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: iteraid, IRP_MJ_PNP] Process: System Address: 0x863811f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_READ] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8636f1f8 Size: 121 Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP] Process: System Address: 0x8636f1f8 Size: 12Hidden Services ------------------- Service Name: MSIVXserv.sys Image Path: C:\Windows\system32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys ==EOF== |